What are the responsibilities and job description for the Director of IT Governance and Compliance position at VUMI Canada, Inc.?
Reporting To
CIO
Overview
The Director of IT Governance and Compliance is a senior leadership role responsible for guiding VUMI Group's information security, compliance, and IT governance frameworks. This position ensures adherence to international regulatory standards, including HIPAA and GDPR, and leads initiatives to obtain and maintain SOC 2 Type 2 and/or ISO 27001 certifications. The role oversees the Cyber Security and Compliance Team, directing strategic initiatives that enhance cybersecurity posture, compliance management, operational governance, budget and cost management within IT, and designing and implementing robust Business Continuity and Disaster Recovery (BCDR) plans.
Key Responsibilities
Strategic Governance and Compliance Leadership
- Develop and implement strategic initiatives for IT governance, risk management, compliance, and cybersecurity aligned with business objectives.
- Lead efforts to achieve and sustain SOC 2 Type 2 and/or ISO 27001 certifications.
- Ensure continuous compliance with HIPAA and GDPR, proactively adapting to regulatory changes.
- Oversee the organization's Risk Register, prioritizing and mitigating identified risks effectively.
- Direct internal and external audit processes, ensuring audit readiness, efficient execution, and timely resolution of findings.
- Foster strong partnerships with auditors and regulatory agencies, maintaining transparency and compliance.
- Guide comprehensive cybersecurity strategies, including vulnerability assessments and penetration testing, ensuring timely remediation.
- Promote a robust cybersecurity awareness and training program across the organization.
- Oversee the creation, dissemination, and enforcement of IT compliance and cybersecurity policies.
- Facilitate training programs that reinforce compliance culture and security awareness.
- Design, implement, and maintain comprehensive Business Continuity and Disaster Recovery (BCDR) plans.
- Ensure periodic testing, review, and updating of BCDR plans to maintain effectiveness and readiness.
- Coordinate with relevant teams to integrate BCDR strategies across organizational processes.
- Manage and govern IT department budgeting processes, ensuring cost efficiency, transparent reporting, and alignment with strategic priorities.
- Monitor expenditures and identify cost-saving opportunities while maintaining service quality.
- Lead the Cyber Security and Compliance Team, fostering collaboration, professional development, and high performance.
- Serve as a strategic advisor to senior management, regularly reporting on governance and compliance outcomes.
Key Performance Indicators
- Readiness level of SOC 2 Type 2 and/or ISO 27001 certifications.
- Demonstrable adherence to HIPAA and GDPR compliance with proactive risk management.
- Effective management of IT budgets, with measurable cost savings and efficiencies.
- Enhanced cybersecurity posture indicated by reduced vulnerabilities and rapid remediation times.
- Positive audit outcomes and continuous improvements reflected in internal and external audit results.
Qualifications and Experience
- Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or related discipline; Master’s degree preferred.
- Preferred certifications: CISM, CISA, CISSP, CRISC, ISO 27001 Lead Implementer/Auditor.
- 10 years of experience in information security, compliance, risk management, and governance; at least 5 years in senior management.
- Proven experience achieving SOC 2 Type 2, ISO 27001, HIPAA, and GDPR compliance.
- Significant experience managing IT budgets, financial oversight, and cost optimization.
- Expert knowledge of global regulatory standards (HIPAA, GDPR, SOC 2, ISO 27001).
- Strong understanding of governance frameworks, cybersecurity strategies, and budget management.
- Exceptional strategic planning, analytical, communication, and leadership skills.
The Director of IT Governance and Compliance is instrumental in driving VUMI’s global growth strategy, enhancing operational excellence, and fortifying regulatory compliance, positioning the organization as a trusted leader in international health insurance.