Director of Cybersecurity Governance, Risk and Compliance

This is a remote position.

Superlanet is spearheading an executive search for a Director of Cybersecurity Governance, Risk & Compliance (GRC) for our healthcare client in Texas.

This strategic leadership position reports directly to the Deputy Chief Information Security Officer and is responsible for building, maturing, and leading the organization's cybersecurity governance, risk management, compliance, third-party risk, incident response, and business continuity programs.

This position requires candidates to reside in Austin, Texas, or the surrounding metropolitan area. Relocation assistance may be available for highly qualified candidates. While the organization supports flexibility, this leader must be available to work closely with executive leadership and respond onsite when business needs require.

Operating within a federated cybersecurity governance model, this leader will collaborate closely with enterprise security teams while maintaining ownership of healthcare-specific cybersecurity policies, risk management practices, and compliance programs supporting clinical, research, and business operations.

The ideal candidate is a cybersecurity leader with deep experience in governance, risk management, compliance, HIPAA security, and healthcare cybersecurity program development. This individual will serve as a trusted advisor to executive leadership and partner closely with IT, Compliance, Privacy, Legal, Clinical Operations, Research, and Enterprise Risk stakeholders.

• Develop and execute the enterprise cybersecurity GRC strategy aligned with organizational objectives, regulatory requirements, and future hospital operations.
  
• Build, lead, and mentor a team of cybersecurity governance and compliance professionals.
  
• Establish cybersecurity metrics, KPIs, and executive reporting frameworks.
  
• Deliver executive-level reporting on cybersecurity risk, compliance posture, and program maturity.
  
• Partner with Internal Audit, Compliance, Privacy, Legal, and Enterprise Risk teams to align governance activities across the organization.
  
• Evaluate cybersecurity insurance and risk transfer strategies as part of the organization's residual risk management program.
  

• Lead annual HIPAA Security Risk Analyses and remediation planning efforts.
  
• Maintain enterprise cybersecurity risk registers and track mitigation activities.
  
• Conduct risk assessments for clinical systems, enterprise applications, cloud platforms, and infrastructure environments.
  
• Perform business impact analyses to evaluate cybersecurity risks affecting clinical and business operations.
  
• Conduct cyber risk trend analysis and reporting to identify emerging threats and prioritize remediation efforts.
  
• Evaluate the effectiveness and cost-benefit of security controls and investments.
  

• Author and maintain cybersecurity policies, standards, and procedures.
  
• Ensure compliance with HIPAA, NIST, and other applicable regulatory and security frameworks.
  
• Develop healthcare-specific cybersecurity standards supporting clinical, research, and biomedical environments.
  
• Support audits, regulatory inquiries, and compliance reviews.
  
• Develop and oversee cybersecurity awareness, education, and behavior-change programs.
  

• Lead vendor security assessment and onboarding programs.
  
• Evaluate security controls, SOC reports, penetration testing results, and vendor risk documentation.
  
• Review technology contracts and Business Associate Agreements (BAAs) for security and compliance requirements.
  
• Develop vendor risk management processes, risk-tiering methodologies, and remediation plans.
  

• Own cybersecurity incident response governance and escalation processes.
  
• Develop and maintain business continuity and disaster recovery strategies.
  
• Coordinate tabletop exercises and organizational preparedness activities.
  
• Establish communication protocols, recovery procedures, and response playbooks for cybersecurity incidents.
  

• Support cybersecurity governance for research environments handling PHI, CUI, and other regulated data.
  
• Establish cloud security, application security, and secure development governance standards.
  
• Support vulnerability management, security testing, and threat-modeling activities.
  
• Partner with research and technology stakeholders to ensure secure adoption of emerging technologies.
  

• Bachelor's degree required; Master's degree in Information Technology, Cybersecurity, Health Informatics, or a related field preferred. Equivalent experience will be considered.
  
• 8+ years of cybersecurity experience within healthcare, financial services, defense, research, higher education, or other highly regulated industries.
  
• 5+ years of progressive leadership experience in cybersecurity governance, risk management, compliance, or information security leadership roles.
  
• Healthcare provider, academic medical center, healthcare technology, or healthcare research experience.​
  
• Demonstrated experience conducting or leading HIPAA Security Risk Analyses.
  
• Experience developing cybersecurity policies, governance frameworks, risk management programs, and executive reporting processes.
  
• Strong knowledge of cybersecurity frameworks including HIPAA, NIST Cybersecurity Framework (CSF), NIST 800-171, and healthcare security best practices.
  
• Experience presenting cybersecurity risks and compliance findings to executive leadership.
  
• Ability to influence cross-functional stakeholders and drive enterprise-wide cybersecurity initiatives.
  

• CISSP (Certified Information Systems Security Professional)
  

• Experience with research security, Controlled Unclassified Information (CUI), CMMC, or NIST 800-171 compliance programs.
  
• Experience managing third-party cybersecurity risk programs in highly regulated environments.
  
• Experience developing security awareness and behavior-based cybersecurity education programs.
  
• Experience supporting Epic, Workday, Oracle ERP, or other large-scale healthcare technology ecosystems.
  
• Familiarity with cloud security governance, application security governance, and business continuity planning.
  

• HCISPP (Healthcare Information Security and Privacy Practitioner)
  
• CISM (Certified Information Security Manager)
  
• CRISC (Certified in Risk and Information Systems Control)
  
• CISA (Certified Information Systems Auditor)
  
• Healthcare-specific Governance, Risk & Compliance (GRC) certifications