Montefiore is ranked among the top hospitals nationally and regionally by U.S. News & World Report. For more than 100 years we have been innovating new treatments, new procedures, and new approaches to patient care, producing stellar outcomes, and raising the bar for medical centers in the region and around the world.


Our award-winning IT organization seeks a Director for IT Governance, Risk, and Compliance. The individual in this new role is responsible for leading the strategic development and implementation of our organization's GRC program. This role will also involve monitoring and reporting on compliance with relevant regulatory requirements and internal policies and procedures, while managing risks.


While this team works remotely some of the time, you must be prepared to work in our office as required. Montefiore requires employees to reside in NY, NJ, CT, or PA, and to be vaccinated including for COVID and flu.


Daily Tasks include:


  1. Oversee the development and implementation of the organization's GRC framework.
  2. Liaise with different departments to ensure that GRC policies are followed.
  3. Regularly evaluate the efficiency of controls and improve them continuously.
  4. Conduct risk assessments to understand risk level, significance, and scope.
  5. Develop and oversee control systems to prevent violations of legal rules and internal policies.
  6. Regularly monitor and report on the status of compliance efforts and changes in laws and regulations that affect the organization's compliance.
  7. Implement appropriate training programs for compliance and risk management.
  8. Evaluate the organization's previous handling of risks and compare potential risks with criteria set out by the organization such as costs and legal requirements.
  9. Lead incident response activities and investigations into regulatory and compliance issues.
  10. Provide reports and key risk indicator updates to the CISO and executive management team.



Key responsibilities include:


  • Oversee and manage the development and implementation of GRC standards and processes.
  • Direct and manage risk assessments and incident response activities.
  • Identify potential areas of compliance vulnerability and risk; develop/implement corrective action plans for resolution of problematic issues.
  • Provide strategic direction to the IT department in the development of policies, procedures, and controls to ensure information accuracy, security, and legal and regulatory compliance.
  • Communicate with stakeholders about the importance of the organization's GRC strategy and initiatives.
  • Report back to business functions on current risk and compliance performance; participate in management and board meetings.
  • Develop a comprehensive compliance training and awareness program.
  • Oversee internal and external audits.


Qualifications include:


  • Certifications such as CRISC, CISA, CGEIT, CISSP, or CISM are highly desirable.
  • Proven experience in a compliance and risk management leadership role, preferably within the healthcare sector.
  • Strong knowledge of governance, risk, and compliance concepts and applicable laws and regulations.
  • Familiarity with industry practices and professional standards such as HIPAA, ISO 27001, NIST, and COBIT.
  • Excellent leadership and team management skills.
  • Strong communication skills with the ability to present complex security concepts to a wide variety of audiences.
  • Bachelor's degree in Computer Science, Information Technology, Business Administration, or a related field, or equivalent experience. A Master's degree is preferred.


Montefiore requires employees to reside in NY, NJ, CT or PA. Montefiore requires employees to be vaccinated, including for COVID and flu.




  • Department: Montefiore Information Technology
  • Bargaining Unit: Non Union
  • Campus: YONKERS
  • Employment Status: Regular Full-Time
  • Address: 3 Odell Plaza, Yonkers
  • Shift: Day
  • Scheduled Hours: 8:30 AM-5 PM
  • Req ID: 215017
  • Salary Range/Pay Rate: $161,700.00 - $215,600.00


For positions that have only a rate listed, the displayed rate is the hiring rate but could be subject to change based on shift differential, experience, education or other relevant factors.




Diversity, equity and inclusion are core values of Montefiore. We are committed to recruiting and creating an environment in which associates feel empowered to thrive and be their authentic selves through our inclusive culture. We welcome your interest and invite you to join us.


Montefiore is an equal employment opportunity employer. Montefiore will recruit, hire, train, transfer, promote, layoff and discharge associates in all job classifications without regard to their race, color, religion, creed, national origin, alienage or citizenship status, age, gender, actual or presumed disability, history of disability, sexual orientation, gender identity, gender expression, genetic predisposition or carrier status, pregnancy, military status, marital status, or partnership status, or any other characteristic protected by law. 



To heal, to teach, to discover and to advance the health of the communities we serve.

To be a premier academic medical center that transforms health and enriches lives.

Our values define our philosophy of care; they shape our actions and motivate and inspire us to pursue excellence and achieve the goals we have set forth for the future. They include:

  • Humanity
  • Innovation
  • Teamwork
  • Diversity
  • Equity



