<p><b>Discover. Achieve. Succeed. </b><b>#BeHere</b><br> </p><p><font face="Times New Roman"><b><font face="Times New Roman"> </font></b></font></p><p><font face="Times New Roman"><b><b><font face="Times New Roman">Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility.</font></b><font face="Times New Roman"> </font></b></font></p><p><font face="Times New Roman"><b><font face="Times New Roman">This job is REMOTE.</font></b></font></p><p><font face="Times New Roman"><b><b><font face="Times New Roman">FTE: 1.000000</font></b></b></font></p><p> <font face="Times New Roman"><b>Standard Hours: 40.00</b></font></p><p><font face="Times New Roman"><b><b><font face="Times New Roman">Shift: Flexible 1st shift between 7 am and 5 pm </font></b></b></font></p><p><span style="font-weight:400"><font face="Times New Roman">Shift Details: Holidays: Weekends: </font></span></p><p><font face="Times New Roman"><font face="Times New Roman"><b>Job Summary:<br></b></font></font></p><p></p><p></p><p>Healthcare security isn’t a compliance checkbox problem — it’s a patient safety problem. At Froedtert ThedaCare, the Cybersecurity GRC Manager owns the program that connects our governance posture to real-world risk outcomes for patients, clinicians, and the communities we serve across Wisconsin.</p><p>This is a high-visibility, high-autonomy leadership role inside a Cybersecurity & Infrastructure team that operates with strategic intent and operational rigor. 
You will build and run a team of 5+ GRC professionals, serve as the internal subject matter authority on compliance and risk, and translate complex regulatory requirements into actionable programs that the broader organization can execute against.</p><p> <span style="font-size:11pt">If you’ve built GRC programs from scratch (or rebuilt ones that needed it), know your way around a HIPAA gap analysis and a third-party risk assessment in equal measure, are people-focused, and lead with clarity rather than bureaucracy — this is the role for you</span> </p><h2><span style="font-size:11pt"><span style="font-weight:800">People Leadership</span></span></h2><p>•Lead, mentor, and grow a team of 5+ GRC analysts and specialists across compliance, risk, policy, and awareness domains</p><p>•Establish clear role expectations, development pathways, and performance standards for each team member</p><p>•Foster a team culture that balances rigor with pragmatism — we care about outcomes, not just documentation</p><p></p><h2><span style="font-size:11pt"><span style="font-weight:800">HIPAA & Healthcare Compliance</span></span></h2><p>•Serve as the organization’s functional lead for HIPAA Privacy and Security Rule compliance, including ongoing gap assessment and remediation tracking</p><p>•Coordinate with Legal, Privacy, and Clinical Operations to ensure compliance obligations are understood and operationalized across the enterprise</p><p>•Oversee preparation for and response to regulatory inquiries, OCR investigations, and audit activity</p><p></p><h2><span style="font-size:11pt"><span style="font-weight:800">Risk Management & Third-Party Risk</span></span></h2><p>•Own the enterprise cybersecurity risk register, ensuring risks are identified, assessed, prioritized, and tracked to resolution</p><p>•Lead the third-party risk management program, including vendor onboarding assessments, ongoing monitoring, and risk-tiering across the supply chain</p><p>•Develop risk reporting for executive 
and board audiences, translating technical risk into business impact language</p><p></p><h2><span style="font-size:11pt"><span style="font-weight:800">Policy & Controls Frameworks</span></span></h2><p>•Own the cybersecurity policy lifecycle: authorship, review cadence, version control, approval workflows, and exception management</p><p>•Maintain alignment to NIST CSF, managing control mapping, evidence collection, and control effectiveness measurement</p><p>•Drive continuous improvement of the controls environment based on assessment findings, threat intelligence inputs, and regulatory changes</p><p></p><h2><span style="font-size:11pt"><span style="font-weight:800">Audit & Assessment Management</span></span></h2><p>•Serve as the primary point of contact and program lead for internal and external cybersecurity audits and assessments</p><p>•Coordinate evidence collection, manage stakeholder readiness, and oversee finding remediation tracking through to closure</p><p></p><p>•Develop and maintain audit-ready documentation across all GRC domains<font face="Times New Roman"><font face="Times New Roman"> </font></font></p><h2></h2><h2><span style="font-size:11pt"><b>Security Awareness & Phishing Simulation</b></span></h2><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Own the enterprise security awareness program, including curriculum development, delivery scheduling, and effectiveness measurement</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Manage the phishing simulation program end-to-end: scenario design, cadence, metrics, and targeted follow-up training for at-risk populations</span></p><p> </p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Tailor awareness content for diverse audiences — from clinical staff to executive leadership — with a voice that educates rather than shames</span></p><p> <b style="font-family:'times new roman';font-size:1.6rem">EXPERIENCE DESCRIPTION: 
</b></p><p></p><p></p><p> </p><p></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">A minimum of six years of experience in a related field. </span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Prefer 3+ years leading or managing a team in a GRC, compliance, or risk management capacity</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Prefer experience in a healthcare or other highly regulated industry, with direct exposure to HIPAA compliance obligations</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Demonstrated experience managing a third-party risk program, including vendor assessments and risk tiering</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Prefer prior experience building or significantly maturing a GRC program, not just maintaining one</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Prefer experience managing external audits or assessments (SOC 2, HITRUST, OCR, internal audit, etc.)</span></p><p> <font face="Times New Roman"><font face="Times New Roman"><b>EDUCATION DESCRIPTION: </b></font></font></p><p><font face="Times New Roman"><font face="Times New Roman">A Bachelor's degree is required. </font></font></p><p><font face="Times New Roman"><font face="Times New Roman">Bachelor's in Computer Science or similar degree is preferred. </font></font></p><p><font face="Times New Roman"><font face="Times New Roman"><b>SPECIAL SKILLS DESCRIPTION: </b></font></font></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">In-depth knowledge of cybersecurity frameworks including but not limited to NIST CSF, HITRUST CSF, ISO 27001. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Experience in managing or leading security organizations responsible for GRC, Cybersecurity, Medical Device Security, Security Operations Centers. 
</span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SEM, FW, Audit. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Demonstrated record of managing third-party security services, preferably with cloud providers. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Experience in the healthcare industry is preferred. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Ability to communicate with and represent the IT Security organization to all business partners and third-party vendors. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Strong oral, presentation, and writing skills, and a demonstrated record of delivering results. </span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Ability to build relationships with business stakeholders of the IT Security program</span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Familiarity with HIPAA Privacy and Security Rules and their operational implications for a large health system</span></p> <p><span style="font-size:11pt">• </span><span style="font-size:11pt">Ability to develop and present executive-level risk reporting that communicates risk in business impact terms</span></p><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Comfort operating in a matrixed environment with multiple stakeholder groups including Legal, HR, IT, Clinical Operations, and executive leadership</span></p> <p></p><p></p> <p></p><p></p><h2><span style="font-size:11pt"><b>Certifications</b></span></h2><p><span style="font-size:11pt">• </span><span style="font-size:11pt">Prefer CISSP, CISM, CRISC, HCISPP, or equivalent certification </span></p><p> </p><p><span style="font-size:11pt">• 
</span><span style="font-size:11pt">Prefer Certified in Healthcare Privacy and Security (CHPS) or equivalent</span></p><font face="Times New Roman"><font face="Times New Roman"> </font></font><p></p><p><font face="Times New Roman"><font face="Times New Roman"><b>Compensation, Benefits & Perks at Froedtert Health </b></font></font></p><p>Pay is expected to be between: (expressed as hourly) $49.15 - $84.07. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process.</p><p><font face="Times New Roman"><font face="Times New Roman">Froedtert Health offers a variety of perks & benefits to staff. Depending on your role, you may be eligible for the following: </font></font></p><ul><li><font face="Times New Roman"><font face="Times New Roman">Paid time off</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Growth opportunity - Career Pathways & Career Tuition Assistance, CEU opportunities</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Academic Partnership with the Medical College of Wisconsin</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Referral bonuses</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Retirement plan - 403b</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics</font></font></li><li><font face="Times New Roman"><font face="Times New Roman">Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available </font></font></li></ul><p><font face="Times New Roman"><br> </font></p><p><font face="Times New Roman">The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of 
Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics, draws patients from throughout the Midwest and the nation. </font></p><p><font face="Times New Roman"><b><font face="Times New Roman"> </font></b></font></p><p><font face="Times New Roman"><b><i><font face="Times New Roman">We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262-439-1961. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.</font></i></b></font></p><p><font face="Times New Roman"><b><font face="Times New Roman"> </font></b></font></p>