Director of IT Governance, Risk, and Compliance

Company: Labcorp
Location: Durham
Posted on: May 14, 2022

Job Description:

Director, IT Governance, Risk, and ComplianceThe Director, IT Governance, Risk, and Compliance is responsible for the oversight and coordination of the GRC program. The Director is expected to fully understand industry better practices, and regulatory requirements relating to cybersecurity (including NIST, SOX, PCI, FedRAMP, StateRAMP, ISO, GDPR, CCPA, HITRUST, GxP, and others) and ensure the organization's framework is designed and implemented accordingly.Accountabilities:

• Define the Labcorp IT GRC strategy and ensure the selection of controls is consistent with the strategy.
• Design and implement an integrated risk management approach that applies operating controls to manage information security risk.
• Provide input to the Head of Business Resilience and Risk, Chief Information Risk Officer, and other senior leaders to determine organizational risk management strategy.
• Align cybersecurity management processes with strategic, operational, and budgetary planning processes.
• Coordinate with the Risk Committee to ensure categorization decision is appropriate for the organizational risk management strategy and satisfies requirements for high-value assets.
• Promote the use of common controls to more effectively utilize resources.
• Provide oversight to the risk management process to ensure that cyber risk to mission and business success is considered in decision making.
• Provide an organization-wide forum to consider all sources of risk, including aggregated risk from individual systems.
• Lead M&A activity related to Information Security and Business Resilience.
• Lead the supply chain risk management program.
• Other duties as requiredMinimum Requirements:Required Education and Experience:
  • Master of Business Administration, Cybersecurity, or Cybersecurity Law preferred.
  • 15+ years' experience in cybersecurity with a minimum of 7+ in cybersecurity governance risk and compliance may substitute for a Master degree
  • 5+ years Management/leadership experienceRequired Skills and Abilities:
    • Ability to promote collaboration and cooperation among organizational entities
    • Strong track record of managing people, projects, and processes
    • Demonstrated interpersonal/verbal communication skills
    • Strong understanding of Cybersecurity risk frameworks and ability to lead and oversee the execution and implementation of the frameworks
    • Ability to determine and set the strategic direction of the Cybersecurity GRC function
    • Strong understanding of industry standards and regulations including: NIST, SOX, PCI, FedRAMP, StateRAMP, ISO, GDPR, CCPA, HITRUST, GxP, and others
    • Proven analytical rigor in formulating objectives and measuring results
    • Strong skills and experience in designing and documenting complex processes, and identifying and eliminating deficiencies in existing process designs
    • Demonstrated ability to establish and maintain strong working relationships with stakeholders, partners, and industry peers
    • Track record of successfully developing and maturing cyber risk organizations with an emphasis on delivering results.
    • Occasional travel will be requiredLabcorp is proud to be an Equal Opportunity Employer:As an EOE/AA employer, the organization will not discriminate in its employment practices due to an applicant's race, age, color, religion, sex, national origin, sexual orientation, gender identity, disability or veteran status.For more information about how we collect and store your personal data, please see our Privacy Statement.

Keywords: Labcorp, Durham , Director of IT Governance, Risk, and Compliance, Executive , Durham, North Carolina