Director, Governance, Risk & Compliance job opportunity at NextGen Healthcare.



Date posted: 30+ days ago
NextGen Healthcare Director, Governance, Risk & Compliance
Experience: 4 years
Pattern: Remote

Governance, Risk & Compliance

Degree: OND
Location: Remote GA, United States of America

Job Description:

The Director, Governance, Risk & Compliance leads a team of analysts to build and maintain an effective GRC program at NextGen Healthcare. The ideal candidate will collaborate closely with the rest of the Information Security department, along with Product, R&D, and Engineering teams to define and partner on appropriate security controls across NextGen products and systems, including NextGen SaaS offerings and platforms. This team will also have responsibility for NextGen Healthcare’s Security Governance and various regular Certification cycles and partnering with Legal on Information Security related contracts and requirements.

- Establish IT audit procedures relevant to HITRUST/HIPAA, ISO 27001, SOC 2, and other data protection or privacy-related regulations
- Provide governance and security oversight around the company’s adoption and use of AI, LLMs, and other generative-AI capabilities
- Evaluate and test the design and operating effectiveness of technical and administrative security controls
- Maintain and manage the Third-Party Risk Management program and integration with Vendor and Customer related Security obligations, requirements, and contractual agreements
- Work closely with the CISO to develop and implement strategies for governance and compliance related to corporate-wide security initiatives
- Design and implement data protection policies, processes, and procedures to align with HIPAA and Information Security policies, especially for cloud-hosted data environments and customer data handling throughout the development lifecycle
- Implement and manage an Identity Governance Program to ensure appropriate authorization to key resources, including the development of a Role Based Access Control and Role Review process
- Develop training programs and FAQs related to data protection, privacy, and secure data handling procedures
- Provide oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
- Develop metrics and compliance dashboards to measure progress for security initiatives and communicate team accomplishments and the effectiveness of audited security controls and processes
- Maintain and mature the Risk Register, Policy Exception Tracking, and Security Dashboard processes, standards, and components
- Ensure applications, networks, systems, cloud services, people, and process are assessed, monitored, and audited in accordance with security controls related to SOC 2, ISO 27001, HITRUST/HIPAA, and the corporate Information Security Policy
- Work closely with cross-functional teams to ensure security controls have been designed effectively and are working as intended
- Identify control deficiencies and weaknesses and recommend remediation plans for improvements
- Create, manage, and hold staff accountable for corrective action plans (CAPs)
- Implement a process for continuous improvement of IT controls
- Work with internal and external resources to conduct and manage an assessment program for compliance requirements, including auditing and monitoring privileged access to critical information systems; authentication and authorization processes; change control processes; and IT operations processes
- Work closely with the Engineering teams to automate monitoring and auditing to reduce manual effort required for compliance activities
- Develop communication plans for executive-level reporting
- Lead the team in the development and evolution of security roadmaps, embodiment of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger information security team
- Hire, grow, and retain team members to expand the team and its capabilities within the organization
- Perform assessments of security tools, vendors, and solutions to support information security roadmap initiatives
- Act as an advocate for mentoring and technical career growth in the information security organization
- Act as a liaison with other internal NextGen teams or driving new capabilities, product investments, and research to fill coverage gaps
- Provide assistance and guidance to Sales and Support teams across various customer engagements
- Regularly provide key performance and risk indicator metrics for management visibility into the status, health, and maturity of the Information Security Program at NextGen

Education Required:

- Bachelor’s degree in Computer Science, Programming, Engineering, or similar field
- Or, any combination of education and experience which would provide the required qualifications for the position

Experience Required:

- 4+ years of experience in Information Security with an emphasis on IT audit, IT risk management, and/or IT compliance
- Prior experience with managing a GRC team
- Extensive background in information security services and operations and the people, process, and technology components
- Significant experience in fulfilling business needs through the development of solutions through well-organized processes
- Experience in client-facing discussions with new and existing customers to discuss security controls and implementations
- Significant Service Management and/or vendor management experience

License/Certification Required:

- Appropriate certifications a plus

Knowledge, Skills & Abilities:

- Knowledge of: Technical security control environments and compliance frameworks including CSA CCM, ISO 27001 and SOC 2, HITRUST/HIPAA, and GDPR.
- Skill in: Excellent analytical, technical, and internal audit skills. Excellent organizational and documentation skills. Strong project management skills highly desired.
- Ability to: Proven ability to manage priorities & deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects happening simultaneously.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
