Responsibilities
One of the nation’s largest and most respected providers of hospital and healthcare services, Universal Health Services, Inc. (UHS) has built an impressive record of achievement and performance. During the year, UHS was again recognized as one of the World’s Most Admired Companies by Fortune and listed in Forbes ranking of America’s Largest Public Companies. UHS operates acute care hospitals, behavioral health facilities, outpatient facilities and ambulatory care access points, an insurance offering, a physician network and various related services located across the U.S., Washington, D.C., Puerto Rico and the United Kingdom.
The Corporate Information Services Department is seeking a dynamic and talented Assistant Director – Governance, Risk, and Compliance (GRC).
The Assistant Director – Governance, Risk, and Compliance provides leadership to develop and operate a Governance, Risk, and Compliance (GRC) program promoting the security (confidentiality, integrity, and availability) of electronic information or system technologies, processes, and people used to support the business mission. Builds, develops, and manages a talented team of GRC resources in supporting the total ISMS program of the organization.
Key Responsibilities include:
- Provides leadership to develop and operate a GRC program, promoting the security of electronic information and system technologies. Builds, develops, and manages a team of Cybersecurity Analysts and GRC resources to support the organization's ISMS program.
- Develops, maintains, and disseminates policies, procedures, and specifications to protect the organization's information assets, collaborating with subject matter experts and various departments.
- Designs frameworks for and conducts internal risk assessments of people, processes, and technologies to ensure the security of the organization's electronic information. This includes assessing risks for business processes that create, access, store, or transmit company information.
- Evaluates the relevance and threat potential of publicly disclosed or internally discovered vulnerabilities to prioritize threat reduction.
- Monitors the effectiveness of cybersecurity controls and compliance with policies. Develops and disseminates meaningful metrics relevant to the GRC program.
- Collaborates with Internal Audit IT Auditors to test security controls for compliance with policies and regulations. Provides leadership to ensure the completion of assigned projects within agreed timelines and budgets.
- Coordinates with the broader ISMS program team, CISO, and Senior Management to build a culture that promotes information security throughout the organization.
- Oversees projects to achieve PCI-DSS compliance, manages SOC 2 Type 1 or 2 efforts for facilities, and provides leadership in developing audit remediation plans.
- Prepares and delivers presentations to Senior Management, Executives, or the Board of Directors as needed.
Qualifications
Position Requirements:
- Bachelor’s Degree required. Master’s Degree preferred.
- Minimum of 8 years of information security GRC experience, including 2-3 years of management experience and/or 3 years of direct Information Security experience in a multi-facility environment. Healthcare industry experience preferred.
- Possess strong technical analytical skills for project management, process improvement related to workflow processes, training, and development of educational material.
- Able to communicate clearly and respectfully with Executives and all other personnel.
- Learns quickly, takes constructive feedback on performance, stays focused on the job with attention to detail, and produces desired outcomes.
- Proven knowledge of and experience developing and implementing a cybersecurity risk management framework based on regulations such as HIPAA or SOX and on best practices as defined in NIST, ISO, PCI, and other common cybersecurity frameworks.
- Ability to quickly assimilate information. Strong process and technology analysis skills.
- Ability to collaborate with individuals at all organizational levels, skills, and experiences to build relationships and achieve organizational goals.
- Ability to prioritize and balance multiple and sometimes competing projects, priorities, or objectives.
- Goal- and detail-oriented.
- Demonstrated leadership attributes.
- Able to write and speak in a manner that clearly and concisely communicates sometimes complex concepts to individuals at all organizational levels.
- Strong negotiation skills to work with product and service providers or reach consensus with constituents.
License or Registration Requirements: CISSP or CISM required upon hire date.
Travel Requirements: Up to 10% travel.
This opportunity provides the following:
- Challenging and rewarding work environment
- Growth and development opportunities within UHS and its subsidiaries
- Competitive Compensation
- Excellent Medical, Dental, Vision and Prescription Drug Plan
- 401k plan with company match
- Generous Paid Time Off