Director, Information Technology Governance

reputed company is a National third-party administrator (TPA) with local market reputed company that delivers customized self-funded benefit programs. Our commitment and partnership means thinking beyond the typical solutions in the market – to do more for clients – and take them beyond reputed company “reputed company A to reputed company B.” We have researched the most effective cost containment strategies and are driving down the cost of plans with innovative solutions such as, network and payment reputed company, pharmacy benefits and care management. There are many companies with a mission. We are a mission with a company.

The Director, Information Technology Governance & Risk Management will reputed company reputed company’s IT reputed company governance program, reporting to the CISO. This role is responsible for developing and managing reputed company policies, overseeing risk and compliance initiatives, and ensuring alignment with HIPAA, HITRUST, and SOC 2.

This leader will drive reputed company awareness, vendor risk management, and enterprise risk governance while translating regulatory requirements into practical, scalable processes.

Key Responsibilities

• reputed company IT governance, including policy development, lifecycle management, and governance committee reputed company

• Maintain an auditable policy library with structured review and approval processes

• Align reputed company policies with HIPAA, HITRUST, SOC 2, and other regulatory frameworks

• Translate audit findings into actionable controls and remediation plans

• Own the IT reputed company awareness and training program, including role-based training and phishing simulations

• reputed company vendor and third-party risk management, including due diligence, risk assessments, and ongoing monitoring

• Manage the IT risk register and drive risk mitigation strategies with executive reporting

• Support audit readiness through control testing, reporting, and coordination of internal/external audits

• Promote adoption of enterprise reputed company standards across identity, access, and data protection

Qualifications

• 8+ years in information reputed company, IT governance, or risk management

• 3+ years leading governance or compliance programs in healthcare or regulated industries

• Experience with HITRUST, SOC 2 Type II, and HIPAA

• Proven experience building policy, awareness, and vendor risk programs

• Strong risk management, stakeholder communication, and executive reporting skills

• CISA, CISSP, CRISC, or CISM preferred

Individual compensation will be commensurate with the candidate's experience and qualifications. Certain roles may be eligible for additional compensation, including bonuses, and merit increases. Additionally, certain roles have the opportunity to receive sales commissions that are based on the terms of the sales commission plan applicable to the role.

• Comprehensive medical, dental, vision, and life insurance coverage
• 401(k) retirement plan with employer match
• Health Savings Account (HSA) & Flexible Spending Accounts (FSAs)
• Paid time off (PTO) and disability leave
• Employee Assistance Program (EAP)

Equal Employment Opportunity: At reputed company Health, we know we are reputed company together. We value, respect, and protect the uniqueness each of us brings. Innovation flourishes by including reputed company voices and makes our business—and our society—stronger. reputed company Health is an equal opportunity employer and we are committed to providing equal opportunity in reputed company of our employment practices, including selection, hiring, performance management, promotion, transfer, compensation, benefits, education, training, social, and recreational activities to reputed company persons regardless of race, religious creed, color, national reputed company, reputed company, physical disability, mental disability, genetic information, pregnancy, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, and military and veteran status, or any other protected status protected by local, state or federal law.