Director Governance Risk & Compliance

Cedar Gate Technologies

Legal
Burlington, MA, USA
Posted on May 24, 2025

Position Summary

Reasons you will want this position:

  • Join our rapidly expanding company, where top performers unlock unlimited career growth and advancement opportunities.
  • Our culture actively values and rewards innovative ideas, particularly those that lead to better outcomes for all.
  • Your benefits package features comprehensive medical, dental, and vision coverage, and options for FSA, HSA, and 401K matching, and tuition assistance. Additionally, you will receive extensive paid time off, exclusive employee discounts, and more.
  • This is viewed as a key position for our continued success by our executives and senior leadership.

Summary
Cedar Gate Technologies is excited to announce an opening for a new Director of Technology Governance, Risk, and Compliance (GRC)! This pivotal role supports our Chief Information Security Officer and is essential to our dynamic cybersecurity team. As the GRC Director, you will ensure robust governance, effectively manage risks, and uphold control frameworks that align with our organization's cybersecurity and compliance objectives, including HIPAA. You'll also collaborate with both internal and external auditors, making a significant impact on our HITRUST and SOC 1 & 2 compliance.

Furthermore, you will strengthen technology risk management, internal risk assessments, third-party risk assessments, compliance monitoring, and policies, standards, and controls to create a robust control environment for managing risk. We can’t wait to find the right candidate to join us in this vital mission!

Job Location:

Hybrid Remote in our office in Burlington, MA, is highly preferred; we may also consider highly qualified candidates within the United States who already work EST business hours.

Required Experience / Qualifications

  • Experience with GRC solutions and automation and a strong working knowledge of information systems, security standards, and practices.
  • Experience with HITRUST, SOC 1 and 2.
  • In-depth experience with various control frameworks and regulatory requirements, such as HIPAA, NIST CSF, COBIT, CIS CSCs, CCM, ISO 41001 (AI), or similar frameworks.
  • Bachelor's degree in Business, Information Technology, Information Security, Audit, or a related field, with ten or more years of equivalent experience.
  • Talented communicator, both in writing and speaking, who connects with everyone across the organization!
  • Excels at nurturing relationships, collaborating as a team, planning, mentoring others, and utilizing their expertise with a keen strategic mindset.
  • Experience developing and executing strategies for Information Security technologies.
  • Strong ability to develop business case justifications and cost/benefit analysis.
  • Strong analytical skills and creative problem solving.
  • Currently eligible to work in the U.S. without assistance getting an employment visa or work authorization.

Preferences – Not Required

  • Security certification such as CISSP, CISM, or equivalent.
  • MBA.

Roles & Responsibilities

Governance & Compliance:

  • Support the CISO in driving our cybersecurity, risk, and compliance initiatives, shaping the annual GRC plan, and enhancing our control environment for a secure future.
  • Apply leading-practice risk framework controls, such as NIST CSF, CIS, COBIT, and similar frameworks.
  • Maintain information security policies, procedures, and controls to manage risk and ensure compliance with internal and regulatory requirements.
  • Facilitate and support assessments of enterprise systems, processes, and controls to verify that controls are designed appropriately and operate effectively.
  • Oversee the definition of remediation plans, compensating and mitigating control activities, and retesting; ensure any recommendations from internal audit, external audit, regulators, or other external parties are addressed and incorporated into those plans.
  • Oversee the design and implementation of technology controls in collaboration with other members of the technology teams, ensuring adherence to requirements and that control design is embedded into solutions and procedures.
  • Ensure timely remediation of ineffective controls and that remediation plans address the risks and are appropriate, detailed, and current.
  • Ensure compliance with industry regulations, particularly HIPAA. Coordinate and facilitate internal and external audits, ensuring timely resolution of findings and recommendations (HITRUST r2, SOC 1, SOC 2).

Risk Management:

  • Overall responsibility for the technology risk management program, including risk reporting, risk registry, and executive metrics.
  • Champion changes towards assessing, organizing, prioritizing, and reporting technology risks.
  • Provide leadership, guidance, and oversight to develop an enterprise-wide technology risk management program to assess, identify, report, manage, and prioritize organizational risks.
  • Provide leadership, guidance, and oversight to risk mitigation strategies to minimize organizational risks.
  • Oversee third-party and supply technology risk management practices and their alignment with cross-functional teams such as Legal, IT, and Operations.

Leadership and Stakeholder Alignment:

  • Provide general leadership, oversight, and development of technology governance, risk, and compliance practices.
  • Serve as a key stakeholder on project steering teams for new applications to ensure that processes and controls are designed and implemented appropriately.
  • Collaborate with key stakeholders to establish Technology GRC team priorities, goals, and objectives supporting business strategies.
  • Monitor and evaluate GRC practices and develop metrics and KPIs to identify areas for improvement and optimization.
  • Report regularly to IT Leadership, the business, and other Senior Management on the effectiveness of GRC, including key risks and compliance with policy and controls, escalating issues as appropriate.
  • Conduct lessons learned with audit teams to ensure optimal coordination of improvement opportunities.
  • Responsible for short-term and long-range planning, including Key Risk Indicators (KRIs), financial planning, forecasts, and related variances.
  • Coordinate with Cedar Gate legal counsel and stay updated on HIMSS, CMS, and OIG policies and recommendations.
  • Be a single point of contact to lead and participate in security questionnaires, RFPs, and RFIs before distribution to ensure their correctness and identify potential gaps in Cedar Gate policies and procedures.
  • Ensure the organization has and maintains appropriate system use and disclosure/confidentiality statements.
  • Manage security incidents and events involving protected health information (PHI) and non-PHI data.
  • Ensure the company's disaster recovery, business continuity, risk management, and access control needs are addressed.
  • Oversee periodic monitoring and reviewing of audit records to ensure that activity is appropriate.

Your Future Working Environment

If you join Cedar Gate, you can make great ideas happen for some of the world's most dynamic companies. With broad global resources and deep technical know-how, we collaborate with clients to cultivate ideas and deliver results in the medical industry. Choose a career at Cedar Gate and enjoy an innovative environment where challenging and interesting work is part of daily life.

Next to our excellent terms of employment and fringe benefits, we invest considerable resources to provide ongoing training that builds and extends professional, technical, and management skills in all areas. At Cedar Gate, you will operate in a professional environment where teamwork and innovation are immensely encouraged. Together with colleagues, you will work on high-impact projects for many dynamic companies.

About Cedar Gate

Cedar Gate enables payers, providers, employers, and service administrators to excel at value-based care. Our unified technology and services platform enhances and automates data management activities to deliver employer and provider analytics, care management, and payment technology necessary to pursue every payment model and optimize performance in all lines of business. From primary care attribution to bundled payments to capitation, our platform is designed to improve clinical, financial, and operational outcomes for all.

Based in Greenwich, CT, Cedar Gate is private equity backed by GTCR, a leading Chicago-based private equity firm, Ascension Ventures, a strategic healthcare venture firm, and Cobalt Ventures, the investment subsidiary of BCBS of Kansas City. To learn more, visit www.cedargate.com.