What are the responsibilities and job description for the Director, Cyber Risk Management & Compliance position at Versant Health?
Director, Cyber Risk Management & Compliance
Who are we?
Versant Health is one of the nation's leading administrators of managed vision care, serving millions of our clients' members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision.
As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us.
See how you can make a difference with the support of strong leadership and a team environment.
See Everything, Be Anything™.
What are we looking for?
The Director, Cyber Risk Management and Compliance leads the Governance, Risk Management, and Compliance capability for Cybersecurity and serves as an advisor to the business. An experienced leader who maintains an expert-level understanding of leading cybersecurity frameworks and certification requirements and clearly understands the common controls (both technical and non-technical) needed to comply with those requirements. This role oversees the cyber risk mitigation strategy. This role is responsible for leading the coordination of security compliance efforts that are required for security access, audit response, policy and security exception oversight, risk management, and the development and implementation of information security policies, procedures, guidelines and standards. This role leads the Cyber Risk Management and/or Governance, Risk and Compliance team members in providing best-in-class awareness training, managing all aspects of our information security policies, and identifying and tracking security risks through to completion.
Where you will have an impact
Create and maintain information security policies, compliant with the NIST 800-53 framework and various certifications and attestations
Collaborate with corporate compliance to mitigate risks and ensure control and policy alignment with HITRUST, SOC 2 Type 2, SOC 1, HIPAA, and other regulatory requirements
Evaluate risks, understand controls and develop governance processes to support the company; articulate issues, develop consensus, raise awareness, and provide and implement solutions
Monitor changes in regulatory and industry standards, assessing their impact on the organization, and advising on necessary adjustments
Collaborate with internal teams and external stakeholders to implement risk mitigation strategies.
Establish metrics and reporting mechanisms to measure and communicate risk levels to the CISO and senior leadership
Play an active role in ensuring data governance (data classification, appropriateness of storage, tracking data custodianship, data destruction, etc.)
Serve as subject matter expert in supporting, leading, and providing guidance on the development, implementation, and monitoring of the enterprise Information Security controls
Oversee and provide strategic cybersecurity training and awareness to company associates to promote appropriate cyber-defense behaviors
Respond to customer requirements, providing relevant security responses post discussion with internal stakeholders
Translate business needs and regulatory requirements into risk appropriate controls to successfully implement security policies, standards, and guidelines
Perform security risk assessments to identify gaps, come up with recommendations and drive the gaps to completion
Conduct IT systems security assessments and reviews for compliance with established security standards, policies, procedures and guidelines. Oversee the facilitation of information security risk assessment methodologies and manage information security risk assessments and mitigation practices
Develop, maintain, assign, and oversee the controls necessary to remain HITRUST and HIPAA compliant and to obtain SOC 2 Type II certification
Build metrics with the Security teams to help measure and manage the Security programs and training
This is primarily a remote position; 10% or less travel expected
What's necessary to do the job?
Bachelor's degree in a relevant field (e.g., Computer Science, Management Information Systems)
Minimum of 10 years of relevant experience in Cyber Security, Technology Risk Management and/or Auditing
Demonstrated expertise in processes development and improvement related to Information Security Governance, Risk and Compliance domains including Security Policy Management, Security Compliance Management, Risk Management, Vendor Security Risk, and regulatory disclosures.
Advanced knowledge and direct experience with technology frameworks such as NIST CSF, NIST 800-53, HIPAA, PCI, etc.
Strong written and verbal communication and presentation skills, and ability to work with all levels of the organization.
Demonstrated ability to lead, collaborate and work in a team environment enabling others to trust and grow their skills and competencies
Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing methodologies
Extensive Windows, Mac, Linux and Unix operating system administration knowledge, including common configuration deficiencies
Desktop, server, application, database, and network security hardening principles and practices for threat prevention
Experience in security architecture design, network segmentation, firewall rulesets, network edge access control lists, and cloud security
Strong understanding of an information security stack including firewalls (Cisco, Palo Alto), IDS, IPS, proxy, cloud access and encryption, DMZ architecture, SIEM, logging, anti-virus/anti-malware, endpoint detection and response, host-based firewall, application whitelisting, file integrity monitoring, etc.
Experience in managing effective training and awareness programs, with demonstrable measurements and outcomes to show positive impacts of the training program.
Excellent communication skills with the ability to convey technical concepts to non-technical stakeholders
Leadership and team-building skills, with the ability to manage cross-functional teams effectively
Certifications in any of the following are a plus: CISSP; CIS certification in IRM in either Risk and Compliance or Vendor Risk Management; OneTrust GRC Professional Certification
HIPAA & Security Requirements
All Associates must comply with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company's Privacy & Security Training Program.
Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process.
Versant Health is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regard to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.
The wage range for applicants for this position is $180,000.00 to $190,000.00.
All incentives and benefits are subject to the applicable plan terms.
Salary: $180,000 - $190,000