
Director – InfoSec Governance, Risk and Compliance
Option Care Health
full-time
Location Type: Hybrid
Location: Bannockburn • Illinois • United States
Salary
💰 $160,107 - $266,853 per year
About the role
- Lead the enterprise information security and IT risk management program, including identification, assessment, classification, and measurement of risks impacting healthcare operations and ePHI.
- Lead the enterprise information security governance program, including development and maintenance of policies, standards, procedures, and control narratives.
- Lead a scalable third-party risk management program covering security and privacy assessments, risk tiering, remediation tracking, and continuous monitoring.
- Lead enterprise-wide security education and awareness programs for employees, contractors, and vendors.
- Develop executive-level metrics and dashboards translating technical risk into business-relevant insights.
- Present security risk, compliance posture, and investment needs to leadership.
- Provide governance oversight for incident response and lead enterprise tabletop exercises.
- Expand the Data Governance program in alignment with privacy and compliance requirements.
- Support the AI Governance Committee with effective implementation of governance controls around enterprise AI use.
- Maintain and govern the InfoSec and IT risk register, including risk ownership, treatment plans, exception handling, and alignment with Enterprise Risk Management.
- Develop and maintain key risk and performance indicators (KRIs/KPIs), dashboards, and trend analyses demonstrating risk posture and maturity improvements.
- Lead control maturity and compliance programs aligned to NIST CSF, SOC 2, SOX IT General Controls (ITGC), and other applicable regulatory or assurance frameworks.
- Coordinate external audits and assessments, serving as the primary liaison for auditors and assessors.
- Identify and research performance improvement opportunities by leveraging security benchmarks and best practices.
- Lead, mentor, and develop a high-performing GRC team.
Requirements
- Bachelor's degree required; Master's degree in a relevant field preferred.
- 10+ years of progressively responsible experience in information security, IT and InfoSec risk, governance, compliance, metrics, business continuity, and training.
- 5+ years of direct management experience leading InfoSec and/or IT GRC teams.
- Experience managing third-party risk, business continuity programs, and security training initiatives.
- Demonstrated experience managing enterprise information security risk, NIST-aligned programs, SOC 2, and SOX ITGC environments.
- Proven success implementing metrics-driven GRC programs at scale.
- Experience with GRC tooling, continuous control monitoring, M&A security due diligence, and AI governance programs.
- Demonstrated experience with HIPAA Security Rule implementation and HITRUST CSF alignment.
- Business acumen and the ability to explain security initiatives, programs, and their impact to business leaders.
- Exceptional written, verbal, and public speaking skills.
Benefits
- Medical, Dental, & Vision Insurance
- Paid Time Off
- Bonding Time Off
- 401K Retirement Savings Plan with Company Match
- HSA Company Match
- Flexible Spending Accounts
- Tuition Reimbursement
- myFlexPay
- Family Support
- Mental Health Services
- Company Paid Life Insurance
- Award/Recognition Programs
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security, IT risk management, risk assessment, risk measurement, security governance, third-party risk management, incident response, metrics-driven GRC programs, NIST CSF, SOC 2
Soft Skills
leadership, mentoring, communication, business acumen, public speaking, training, team development, presentation skills, organizational skills, interpersonal skills
Certifications
Bachelor's degree, Master's degree, HITRUST CSF, HIPAA Security Rule, SOX IT General Controls