
Cybersecurity GRC Manager, FCH - IT - SECURITY

Froedtert Health
  • US
    Menomonee Falls, Wisconsin, United States

About

#BeHere
Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility. This job is remote.
FTE: 1.000000 | Standard Hours: 40.00
Shift: Flexible 1st shift between 7 am and 5 pm
Job Summary
Healthcare security isn’t a compliance checkbox problem; it’s a patient safety problem. At Froedtert ThedaCare, the Cybersecurity GRC Manager owns the program that connects our governance posture to real‑world risk outcomes for patients, clinicians, and the communities we serve across Wisconsin. This is a high‑visibility, high‑autonomy leadership role inside a Cybersecurity & Infrastructure team that operates with strategic intent and operational rigor. You will build and run a team of 5+ GRC professionals, serve as the internal subject matter authority on compliance and risk, and translate complex regulatory requirements into actionable programs that the broader organization can execute against.
People Leadership
Lead, mentor, and grow a team of 5+ GRC analysts and specialists across compliance, risk, policy, and awareness domains
Establish clear role expectations, development pathways, and performance standards for each team member
Foster a team culture that balances rigor with pragmatism — we care about outcomes, not just documentation
HIPAA & Healthcare Compliance
Serve as the organization’s functional lead for HIPAA Privacy and Security Rule compliance, including ongoing gap assessment and remediation tracking
Coordinate with Legal, Privacy, and Clinical Operations to ensure compliance obligations are understood and operationalized across the enterprise
Oversee preparation for and response to regulatory inquiries, OCR investigations, and audit activity
Risk Management & Third‑Party Risk
Own the enterprise cybersecurity risk register, ensuring risks are identified, assessed, prioritized, and tracked to resolution
Lead the third‑party risk management program, including vendor onboarding assessments, ongoing monitoring, and risk‑tiering across the supply chain
Develop risk reporting for executive and board audiences, translating technical risk into business impact language
Policy & Controls Frameworks
Own the cybersecurity policy lifecycle: authorship, review cadence, version control, approval workflows, and exception management
Maintain alignment to NIST CSF, managing control mapping, evidence collection, and control effectiveness measurement
Drive continuous improvement of the controls environment based on assessment findings, threat intelligence inputs, and regulatory changes
Audit & Assessment Management
Serve as the primary point of contact and program lead for internal and external cybersecurity audits and assessments
Coordinate evidence collection, manage stakeholder readiness, and oversee finding remediation tracking through to closure
Develop and maintain audit‑ready documentation across all GRC domains
Security Awareness & Phishing Simulation
Own the enterprise security awareness program, including curriculum development, delivery scheduling, and effectiveness measurement
Manage the phishing simulation program end‑to‑end: scenario design, cadence, metrics, and targeted follow‑up training for at‑risk populations
Tailor awareness content for diverse audiences — from clinical staff to executive leadership — with a voice that educates rather than shames
Experience
A minimum of six years’ experience in a related field
Prefer 3+ years leading or managing a team in GRC, compliance, or risk management capacity
Prefer experience in a healthcare or other highly regulated industry, with direct exposure to HIPAA compliance obligations
Demonstrated experience managing a third‑party risk program, including vendor assessments and risk tiering
Prefer prior experience building or significantly maturing a GRC program, not just maintaining one
Prefer experience managing external audits or assessments (SOC 2, HITRUST, OCR, internal audit, etc.)
Education
Required: A Bachelor’s degree. Preferred: Bachelor’s in Computer Science or a related field.
Special Skills
In‑depth knowledge of cybersecurity frameworks including but not limited to NIST CSF, HITRUST CSF, ISO 27001
Experience in managing or leading security organizations responsible for GRC, Cybersecurity, Medical Device Security, Security Operations Centers
Understanding of general security concepts including but not limited to cryptography, DLP, SOC, SEM, FW, audit
Demonstrated record of managing third‑party security services, preferably with cloud providers
Experience in Healthcare industry is preferred
Ability to communicate and represent IT Security organization with all business partners and third‑party vendors
Strong oral, presentation, writing skills and demonstrated record to deliver results
Ability to build relationships with business stakeholders of the IT Security program
Familiarity with HIPAA Privacy and Security Rules and their operational implications for a large health system
Ability to develop and present executive‑level risk reporting that communicates risk in business impact terms
Comfort operating in a matrixed environment with multiple stakeholder groups including Legal, HR, IT, Clinical Operations, and executive leadership
Certifications
Prefer CISSP, CISM, CRISC, HCISPP, or equivalent certification
Prefer Certified in Healthcare Privacy and Security (CHPS) or equivalent
Compensation, Benefits & Perks
Pay is expected to be between $49.15 and $84.07 per hour, based on experience and discussed during the interview process.
Benefits may include: Paid time off; Career Pathways & Tuition Assistance; academic partnership with the Medical College of Wisconsin; referral bonuses; 403(b) retirement plan; medical, dental, vision, life insurance; short & long term disability; free workplace clinics; employee assistance programs; adoption assistance; healthy contributions; Care@Work; moving assistance; gym membership discounts; travel and other work‑life benefits.
Equal Opportunity Employer
We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262‑439‑1961. We maintain a drug‑free workplace and perform pre‑employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262‑439‑1961. We will attempt to fulfill all reasonable accommodation requests.

Language skills

  • English
Notice to users

This listing comes from a TieTalent partner platform. Click “Apply now” to submit your application directly on their site.