Director Cybersecurity | Governance, Risk and Compliance

📍 Sioux Falls, SD
Avera Health | Leadership | Mar 27, 2026
Type: Full-Time
Level: Senior Level, Lead/Principal


Job Description

Location: Avera Downtown Building-Sioux Falls

Worker Type: Regular

Work Shift: Day/Evening/Weekend/Holiday Shift (United States of America)

Position Highlights

You Belong at Avera

Be part of a multidisciplinary team built with compassion and the goal of Moving Health Forward for you and our patients. Work where you matter.

A Brief Overview
The director of governance, risk management and compliance (GRC) provides leadership and direction for Avera's GRC requirements. The director is responsible for establishing and maintaining the company's overall IT and security GRC program, as well as for developing and managing an enterprise-wide information GRC program. The role includes implementation and maintenance of policies, as well as a comprehensive controls framework with third-party risk management.

The director ensures Avera's technical systems and information assets are protected. The director is responsible for identifying, evaluating and reporting on information security risks that the business needs to be aware of and act on. The director works in tandem with cybersecurity leadership to elevate Avera's security posture. The director of GRC must be able to influence and lead Avera's GRC security strategy within new and existing information system capabilities. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business-critical.

What you will do

  • GRC Team Leadership & Strategy: (a) Lead the Governance, Risk, and Compliance (GRC) team in advancing a security maturation program. (b) Direct the team to document, communicate, and enforce security improvements that balance risk with operational efficiency. (c) Provide leadership in managing third-party, vendor, and partner oversight, emphasizing privacy, security, and compliance. (d) Act as a key escalation point for risk identification and mitigation planning.
  • Security Oversight & Risk Management: (a) Ensure rigorous oversight of security systems and configurations to reduce enterprise risk. (b) Guide the team in confirming safeguards against risks from external entities. (c) Maintain strategies for managing audits, compliance checks, and external assessments.
  • Business Integration & Operational Alignment: (a) Collaborate with business units during solution onboarding to ensure security controls are in place. (b) Oversee vendor risk assessments and enforce consistent process adherence across departments. (c) Inspire adoption of cybersecurity controls to reduce the organizational attack surface.
  • Compliance & Audit Engagement: (a) Liaise with internal and external auditors to implement and maintain compliance with privacy and security laws. (b) Align team efforts with audit and risk management leadership for ongoing assessments and strategic planning.
  • Metrics, Reporting & Program Evaluation: (a) Influence and validate metrics used to assess the success of the security program. (b) Regularly report program performance to security and business leadership. (c) Promote alignment with enterprise risk management principles in documentation and system configuration.
  • Incident Response & Documentation: (a) Assign team members to monitor and document incident response activities. (b) Ensure thorough tracking of security incidents, resolutions, and lessons learned.
  • Security Awareness & Communication: (a) Maintain up-to-date knowledge of regulatory, privacy, and security best practices. (b) Effectively communicate GRC controls and security practices across business units, including third-party integrations and financial systems.
  • Responsibilities include interviewing, hiring, developing, training, and retaining employees; planning, assigning, and leading work; appraising performance; rewarding and coaching employees; addressing complaints and resolving problems.

Essential Qualifications
The individual must be able to work the hours specified. To perform this job successfully, an individual must be able to perform each essential job function satisfactorily including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand and distinguish speech and other sounds. These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions, as long as the accommodations do not cause undue hardship to the employer.

Required Education, License/Certification, or Work Experience:

  • Bachelor's in computer science, cybersecurity or similar.
  • At least 10 years cybersecurity or information technology experience.
  • Demonstrated leadership experience and understanding of various regulatory requirements and laws.
  • Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence

Preferred Education, License/Certification, or Work Experience:

  • Master's in computer science, cybersecurity or similar.
  • Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
  • Certified Information Security Manager (CISM) - ISACA
  • Certified Information Systems Auditor (CISA) - ISACA
  • Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
  • At least 5 years leadership experience.
  • Understanding of service design, delivery concepts and control frameworks.

Expectations and Standards

  • Commitment to the daily application of Avera’s mission, vision, core values, and social principles to serve patients, their families, and our community.
  • Promote Avera’s values of compassion, hospitality, and stewardship.
  • Uphold Avera’s standards of Communication, Attitude, Responsiveness, and Engagement (CARE) with enthusiasm and sincerity.
  • Maintain confidentiality.
  • Work effectively in a team environment, coordinating work flow with other team members and ensuring a productive and efficient environment.
  • Comply with safety principles, laws, regulations, and standards associated with, but not limited to, CMS, The Joint Commission, DHHS, and OSHA if applicable.

Benefits You Need & Then Some

Avera is proud to offer a wide range of benefits to qualifying part-time and full-time employees. We support you with opportunities to help live balanced, healthy lives. Benefits are designed to meet needs of today and into the future.

  • PTO available day 1 for eligible hires.
  • Up to 5% employer matching contribution for retirement
  • Career development guided by hands-on training and mentorship

Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-605-504-4444 or send an email to talent@avera.org.
