Director, Governance, Risk & Compliance

Director, Governance, Risk & Compliance (GRC), Fresenius Management Services, Inc., a Fresenius Medical Care NA company, Lexington, Massachusetts (Remote)

Will manage Information Security Governance, Risk, and Compliance programs across global business units as directed by the Sr.

Director.  Will interact with diverse, cross-functional, and global stakeholders to identify and remediate security risks to critical business processes and IT infrastructure by defining these risks’ potential business impact with responsibility for applying effective mitigation strategies and ensuring effective controls are in place.   Specific duties will include:


* Manages the tactical execution of short and long-term IT governance and security related objectives through the coordination of IT infrastructure and systems activities with direct responsibility for results, including costs, methods, and staffing.


* Oversees the coordination of Information Security activities with direct responsibility for results, including workflows, prioritization, and team staffing/assignments.   


* Provides technical guidance and leads various IT governance and security programs and projects as assigned.


* Leads process improvement documentation efforts related to IT security and compliance management.


* Exercises technical proficiency and knowledge of IT and cybersecurity industry practices and business principles, working on issues of diverse scope where the analysis of a situation or data requires an evaluation of a variety of factors, including an understanding of current business trends.  


* Manages a program to protect, govern, and monitor cybersecurity governance across Fresenius Medical Care business units specific to the compliance requirements of each line of business.


* Directs an organization-wide Incident Management Program in collaboration with Legal, IT, and Compliance across all business units.


* Leads the implementation and enhancement of a Cybersecurity Governance Program which includes a security and control framework that consists of standards, measures, reporting, practices, and procedures that assure compliance with regulatory or contractual requirements (NIST, ISO 27001/02, PCI, CCPA, and GDPR).


* Develops and maintains strong partnerships with Senior IT, Legal, Compliance, HR, Internal Audit, and other relevant business units and third-party vendors to ensure an effective understanding, awareness, and adoption of their responsibilities related to cybersecurity compliance requirements.


* Participates and presents at meetings with internal and external stakeholders and representatives, to establish cooperative effort for team projects.


* Identifies gaps and ensures appropriate remediation plans are developed to effectively mitigate IT security vulnerabilities, exceptions, and defects to reduce risk to confidentiality, integrity, or availability of information. 


* Evaluates and ensures sec...