Director, Cybersecurity Governance Risk and Compliance (GRC)

CorVel, a certified Great Place to Work Company, is a national provider of industry-leading risk management solutions for the workers’ compensation, auto, health and disability management industries. We are hiring a hands-on leader to drive the execution of our tactical and strategic plans related to CorVel’s Cybersecurity, Governance, Risk and Compliance (GRC) posture, quantifying enterprise risk appetite and tolerance, establishing and improving security policies, and maintaining a cyber risk register.

This will be a remote role, or hybrid within our Portland, OR office.

• This hands-on position will supervise a small team while enhancing and maintaining CorVel’s Cybersecurity, Governance, Risk, and Compliance (GRC) posture.
• Executes and monitors the risk management strategies and initiatives to ensure effectiveness and alignment with organizational goals.
• Oversees the Cyber Risk Register, manages updates and tracks risk mitigation to conclusion.
• Ensures performance monitoring processes to assure that performance measures both leading and lagging remain effective indicators of satisfactory risk management.
• Oversees and allocates resources necessary for compliance testing to assess adherence to internal policies and external regulations, identifying systemic compliance gaps, resolving root cause and proposing improvement options, including cost benefit analysis.
• Develop and maintain all relevant documentation, policies, standards, guidelines, and frameworks, embedding controls into process across the business and technology units with the support of the security engineering team.
• Build and maintain successful relationships with stakeholders in both technology and business by developing a clear understanding of business needs, acting as a trusted advisor, and ensuring cost-effective delivery of security services to meet those needs.
• Overseeing 3rd party audits by supporting evidence collection and facilitating information gathering.
• Provide guidance, support, and mentorship to junior team members, fostering their growth and development.

• Minimum 10 years of hands-on and 3 years of leadership experience in cybersecurity governance, risk and compliance (GRC) within a large enterprise environment.
• Demonstrated experience of compliance frameworks e.g. HIPAA, HITRUST, SOC, New York DFS and SOX.
• Skilled with risk management principles, as well as experience making decisions to optimize overall operational and cyber risk.
• Identify and evaluate controls for risk reduction and mitigation activities to drive a risk-based culture, including a strong understanding of policies as well as control standards, while reviewing and recommending the development of controls to reduce risk to an acceptable level.
• Experience working with external auditors from an evidence collection perspective.
• Self-starter with outstanding communication, conceptual thinking, change/project management, analytical, and problem-solving capabilities.
• One or more industry certifications such as CISSP, CRISC, CISA or other.
• Bachelor's degree or higher in Information Security/Cybersecurity or other.
• Can be located anywhere in the 48 contiguous US states. Must be willing to travel to Portland, Oregon, typically quarterly or as needed.

CorVel uses a market-based approach to pay and our salary ranges may vary depending on your location. Pay rates are established taking into account the following factors: federal, state, and local minimum wage requirements, the geographic location differential, job-related skills, experience, qualifications, internal employee equity, and market conditions. Our ranges may be modified at any time.

For leveled roles (I, II, III, Senior, Lead, etc.) new hires may be slotted into a different level, either up or down, based on assessment during interview process taking into consideration experience, qualifications, and overall fit for the role. The level may impact the salary range and these adjustments would be clarified during the offer process.

Pay Range: $108,064 - $167,974.

A list of our benefit offerings can be found on our CorVel website: CorVel Careers | Opportunities in Risk Management.

In general, our opportunities will be posted for up to 1 year from date of posting, or until we have selected candidate(s) to fulfill the opening, whichever comes first.

CorVel, a certified Great Place to Work Company, is a national provider of industry-leading risk management solutions for the workers’ compensation, auto, health and disability management industries. CorVel was founded in 1987 and has been publicly traded on the NASDAQ stock exchange since 1991. Our continual investment in human capital and technology enable us to deliver the most innovative and integrated solutions to our clients. We are a stable and growing company with a strong, supportive culture and plenty of career advancement opportunities. Over 4,000 people working across the United States embrace our core values of Accountability, Commitment, Excellence, Integrity and Teamwork (ACE-IT!).

A comprehensive benefits package is available for full-time regular employees and includes Medical (HDHP) w/Pharmacy, Dental, Vision, Long Term Disability, Health Savings Account, Flexible Spending Account Options, Life Insurance, Accident Insurance, Critical Illness Insurance, Pre-paid Legal Insurance, Parking and Transit FSA accounts, 401K, ROTH 401K, and paid time off.

CorVel is an Equal Opportunity Employer, drug-free workplace, and complies with ADA regulations as applicable.

#LI-Remote #LI-Hybrid