- Company Name
- Intermountain Health
- Job Title
- Senior Director Cybersecurity (GRC)
- Job Description
-
**Job Title**
Senior Director Cybersecurity (Governance, Risk, and Compliance)
**Role Summary**
Leads the organization’s Governance, Risk, and Compliance (GRC) functions, developing and executing a company‑wide cybersecurity strategy that aligns with global cyber and business objectives. Oversees GRC planning, policy development, budgeting, and team leadership, while ensuring consistent application of security standards across all regions and functions.
**Expectations**
- Deliver strategic vision and operational execution for GRC initiatives.
- Maintain compliance with industry‑accepted frameworks (ISO 27001, NIST, COBIT).
- Provide clear guidance and mentorship to senior leaders, managers, and supervisors, ensuring succession planning.
- Manage resources and budgets to meet operational and capital goals.
- Communicate progress, risks, and outcomes to executive leadership (VP, CISO) and enterprise stakeholders.
- Represent the organization in cross‑disciplinary committees and external regulatory interactions.
- Travel as required to support business sites and enterprise meetings.
**Key Responsibilities**
1. **Strategic Planning & Execution** – Create, refine, and drive the GRC strategy, aligning with corporate cyber and business roadmaps.
2. **Policy & Procedure Development** – Author and approve security policies, standards, and controls, ensuring repeatable, compliant processes.
3. **Team Leadership & Development** – Lead a Director‑ and Manager‑level team; mentor, coach, and cultivate talent to sustain high performance and succession.
4. **Budget & Resource Management** – Oversee operating and capital budgets for GRC; allocate staff and technology resources to prioritized projects.
5. **Risk Management & Compliance** – Identify, assess, and mitigate risks; enforce compliance with regulatory and privacy requirements.
6. **Stakeholder Collaboration** – Work with business units, IT, privacy, legal, and operations to embed security across all initiatives.
7. **Performance Measurement** – Define, track, and report quality and productivity metrics for cybersecurity services.
8. **Program Evangelism** – Promote cybersecurity best practices organization‑wide, fostering a culture of security awareness.
9. **Escalation & Issue Resolution** – Resolve escalated issues from managers and staff; maintain continuous improvement.
**Required Skills**
- Strategic leadership and vision setting.
- Deep knowledge of GRC frameworks (ISO 27001, NIST, COBIT, risk‑based standards).
- Risk assessment, mitigation, and measurement.
- Policy and procedural development.
- Budgeting and financial stewardship.
- Program and project management.
- Strong interpersonal and stakeholder‑management skills.
- Coaching, mentoring, and talent development.
- Excellent communication (written & verbal).
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Information Security, Business Administration, or related field (advanced degree preferred).
- Professional certifications: CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer, or comparable.
- Minimum 10‑year senior cybersecurity experience, with proven GRC leadership in a complex, multi‑region environment; healthcare industry exposure is strongly preferred.
West valley city, United states
On site
Senior
27-11-2025