Baylor Scott & White Health · 3 hours ago
Director Governance, Risk & Compliance (GRC)
Baylor Scott & White Health is a healthcare organization seeking a Director of Healthcare Governance, Risk, and Compliance. The director will be responsible for developing and overseeing GRC programs, integrating principles across departments, and ensuring compliance with laws and regulations while fostering a culture of patient safety and data privacy.
Responsibilities
Developing and maintaining the organization's GRC framework, including policies, standards, and procedures for risk management, compliance, and information security. (e.g., NIST CSF, HITRUST)
Providing guidance and leadership to ensure that business objectives are met within the established governance framework
Leading the identification, assessment, and mitigation of enterprise-wide risks, including operational, financial, reputational, legal, cybersecurity, and patient safety risks
Developing and implementing risk assessment methodologies, mitigation strategies, and action plans
Maintaining and reporting on the organization's risk register, tracking remediation activities, and providing insights to leadership
Conducting vendor risk assessments and ensuring third-party compliance with security and privacy standards
Ensuring compliance with all applicable healthcare laws, regulations, and industry standards (e.g., HIPAA, HITECH, NIST)
Developing and delivering compliance training programs to staff and leadership to promote awareness and adherence to ethical standards
Overseeing internal and external audits, coordinating responses, and managing remediation efforts
Staying current on evolving regulatory environments, security threats, and compliance best practices, and updating policies and procedures accordingly
Collaborating with quality and safety teams to integrate GRC into patient care delivery, focusing on preventing avoidable harm and improving patient outcomes
Supporting the development and implementation of patient safety initiatives
Qualifications
Required
Bachelor's degree, or 4 years of work experience beyond the minimum qualification
5 years of experience in the responsibilities listed above
Preferred
Bachelor's degree in a relevant field such as Healthcare Administration, Information Security, Law, Business Administration, or a related field
5-10 years of experience in healthcare privacy, risk management, or compliance roles, with a focus on information security, privacy, and regulatory compliance
CISSP, CISM, or equivalent certifications
In-depth knowledge of healthcare regulations and frameworks
Experience conducting audits, risk assessments, and regulatory reporting in a healthcare environment
Proven experience leading complex consulting engagements, including CIO/CISO engagements—driving all phases of the client engagement lifecycle
Strong leadership and program management skills; able to interface with client leadership teams and provide direction to internal, client, and vendor teams
Strong communication skills, including the ability to lead executive-level deliverable presentations and briefings
Ability to develop high-quality deliverables, such as reports, presentations, policies, procedures, and architectural diagrams
In-depth knowledge of cybersecurity frameworks
Strong understanding of network protocols, operating systems, cloud platforms, and security technologies
Expertise in one or more of the following cybersecurity domains (or related): Cyber Risk Management, Incident Response, Data Protection, OT Security, Vulnerability Management, Identity and Access Management, Cyber Resilience
Experience with risk management methodologies and tools
Familiarity with regulatory compliance standards
Company
Baylor Scott & White Health
Baylor Scott & White Health is a non-profit health care system providing outpatient and emergency treatment services.
Funding
Current Stage: Late Stage
Recent News: 2025-12-09
Company data provided by crunchbase