Auditing, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Computer Security, HIPAA (Health Insurance Portability and Accountability Act), Health Information Technology, Healthcare, ISO (International Organization for Standardization), Industry Standards, Information Systems/Technology IS/IT Administration, Information/Data Security (InfoSec), Internet Security, Leadership, Legal, Machine Tool, Patient Care, Privacy Controls, Regulations, Regulatory Requirements, Requirements Management, Risk, Risk Management, Risk Management Framework (RMF), Security Compliance, U.S. National Institute of Standards and Technology (NIST)
Purpose & Scope:
The Director of Cybersecurity Compliance leads the healthcare organization’s information security governance, risk, and compliance (GRC) program. This role is accountable for defining regulatory requirements, establishing risk management frameworks, and independently assessing the effectiveness of cybersecurity controls to ensure alignment with healthcare regulations, patient privacy obligations, and industry standards.
This leader serves as the independent oversight function for cybersecurity, ensuring that controls implemented by cybersecurity and IT teams meet regulatory, audit, and risk expectations without introducing bias from operational ownership. The Director partners closely with cybersecurity operations, clinical leadership, legal, and compliance to embed security and compliance into workflows while maintaining safe and uninterrupted patient care.
Education:
Bachelor’s degree in Information Security, Information Technology, Healthcare Administration, or related field. Master’s preferred.
Experience:
10+ years of experience in IT security, risk, or compliance, with significant experience in healthcare
5+ years in a leadership role within a healthcare or regulated environment
Knowledge and Skills
- Deep knowledge of healthcare regulations (HIPAA/HITECH) and security frameworks (NIST, HITRUST, ISO)
- Strong understanding of risk management methodologies and audit practices
- Experience with GRC platforms and compliance tooling
- Ability to independently assess control effectiveness and identify gaps
- Strong understanding of PHI handling, privacy requirements, and breach response obligations
- Ability to translate regulatory requirements into practical governance structures
Certification/Licensure:
- CISSP, CISM, CISA, or CRISC, preferred
- HCISPP (Healthcare Information Security and Privacy Practitioner), preferred
- HITRUST CCSFP, preferred