Director Information Security – Governance, Risk, and Compliance jobs in United States

UVA Health · 2 months ago

Director Information Security – Governance, Risk, and Compliance

UVA Health is a world-class Magnet Recognized academic medical center and health system. The Director of Information Security – Governance, Risk, and Compliance will lead the IT Governance, Risk, and Compliance teams, overseeing cybersecurity risk management and ensuring regulatory compliance within the organization.

Health Care, Hospital, Medical

Responsibilities

Lead the strategy development and execution of multiple elements of a comprehensive enterprise-wide Information Security Program aligned with organizational goals and regulatory requirements
Design and execute multi-year road maps to transform information security capabilities and collaborate with health system entities to align critical security measures with key business initiatives
Drive innovation and lead organizational change initiatives to enhance security posture and operational resilience. Acts as a change agent for new technologies and processes that reduce risk and enhance security within Health IT
Develop and manage the information security budget, ensuring optimal allocation of resources to meet strategic objectives
Develop and maintain a culture of security that emphasizes the responsibilities of all health system employees to help protect sensitive information, systems, and networks
Provide visionary leadership to the Information Security team, fostering a culture of accountability, innovation, and continuous improvement
Apply deep expertise in cybersecurity operations, regulatory compliance, and risk management to guide enterprise operations and decision-making
Directs and manages Information Security Department actions and operations. Leads multiple teams through the prioritization and implementation of service improvement projects
Directs the design and implementation of solutions that are secure, scalable, reliable, and cost-effective and aligned with the Information Security mission to reduce risk while enhancing productivity
Determine the value and ROI of security projects, and prioritize scheduling and implementation to ensure the efficient utilization of resources
Develop staff as needed to ensure current and future team skills and capabilities are aligned with the planned departmental growth and transformation
Serve as a senior authority and strategic advisor on information security, influencing executive leadership and cross-functional stakeholders
Champion effective communication and collaboration across departments to embed security into business processes and technology initiatives
Tracks implementations to ensure service and financial targets are met according to agreed timelines
Oversees and negotiates service level agreements (SLAs) with internal and external stakeholders
Directs relationships with vendors to ensure that vendors meet agreed performance objectives, SLAs, and deliverables in a timely manner and within budget guidelines
Interacts with major suppliers, overseeing RFPs, contracts, and service agreements
Oversees the creation and maintenance of policies, procedures, and guidelines to ensure efficient service operation and protect the organization’s computing infrastructure and data
Collaborates with Legal, Privacy, and Compliance teams to ensure compliance with relevant laws, regulations, and policies
Advocates for changes in other Health IT departments to ensure compliance with security policies
Cultivate and mentor high-performing security professionals, building leadership capacity and technical expertise across the team
Perform other director-level duties as assigned to support the mission and strategic direction of the organization
Keep abreast of emerging technologies, risks, and industry trends
Assists in the recruitment, hiring, training, and development of Information Security staff, ensuring the team possesses the necessary skills and knowledge to fulfill the department’s mission

Qualification

Information Security Leadership, Risk Management, Regulatory Compliance, Cybersecurity Operations, Healthcare Experience, Data Governance, Disaster Recovery, Business Continuity, Analytical Skills, Team Development, Vendor Management, Policy Development, Change Management, Stakeholder Management, Emerging Technologies Awareness, Service Level Agreements, Security Awareness Education, Internal Audits Coordination, Phishing Simulations, Tabletop Exercises, Budget Management, Contract Negotiation, RFP Management, IT Risk Assessment, Cyber Insurance Management, Third-Party Risk Management, IT Infrastructure Protection, Security Metrics, Performance Objectives, Service Improvement Projects

Required

Bachelor's degree in information security, computer science, or a related field
10 years of experience in information technology within a related area
At least five years of progressive responsibility in a technology leadership role managing information security teams
Ability to communicate via written and verbal communication in both formal and casual situations
Demonstrated initiative and success in providing Information Security services, preferably in an academic healthcare setting
Strong analytical and problem-solving skills
Ability to work under pressure and handle multiple priorities
One or more of the following professional certifications or equivalent is required: Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA), Global Information Assurance Certifications (SANS/GIAC), Offensive Security Certified Professional (OSCP)

Preferred

Master's Degree
Academic healthcare security operations, risk management, or access management
Strong understanding of information security concepts, protocols, industry best practices and regulatory requirements with knowledge of networking, enterprise applications, cloud computing, and information risk management and compliance frameworks

Benefits

Comprehensive Benefits Package: Medical, Dental, and Vision Insurance
Paid Time Off, Long-term and Short-term Disability, Retirement Savings
Health Saving Plans, and Flexible Spending Accounts
Certification and education support
Generous Paid Time Off

Company

UVA Health

UVA Health is a healthcare center that provides home healthcare, dentistry, and palliative care services.

Funding

Current Stage: Late Stage
Total Funding: $0.1M
Key Investors: Virginia Innovation Partnership Corporation
2025-01-14 · Grant · $0.1M

Leadership Team

Erik Shannon
CEO UVA Community Health
K. Craig Kent
Chief Executive Officer
Company data provided by crunchbase