Director of IT Risk and Compliance

Job Locations: US-KY-LOUISVILLE (Louisville, KY, US)
ID: 2025-171098
Line of Business: BrightSpring Health Services
Position Type: Full-Time
Posted: 21 hours ago

Our Company

BrightSpring Health Services

Overview

The Director of IT Risk and Compliance will lead the organization's efforts to identify, assess, and mitigate IT-related risks while ensuring adherence to regulatory and industry standards. This role will oversee the development and enforcement of security policies, manage the risk register, and foster a culture of security awareness. The Director will collaborate cross-functionally with IT, Legal, HR, Compliance, and business units, serving as a key liaison with external auditors to maintain compliance and safeguard organizational assets.

Responsibilities

- Risk Management:
  - Lead the development and management of the company's Risk Register, ensuring all identified IT risks are accurately documented and regularly updated.
  - Oversee Risk Assessments to evaluate and prioritize security risks, vulnerabilities, and threats across the organization.
  - Conduct periodic Vendor Risk Management assessments to evaluate the security posture and compliance of third-party vendors.

- Compliance Management:
  - Ensure adherence to relevant regulatory requirements, including SOX, SOC, HIPAA, NIST CSF, CIS, and HITRUST, and keep the organization prepared for audits.
  - Develop and maintain IT General Controls to ensure compliance with applicable regulatory frameworks and best practices.
  - Manage the organization's Security Awareness program to ensure employees are educated on best practices, risks, and security policies.

- Security Policy Development and Enforcement:
  - Lead the development, implementation, and enforcement of IT Security Policies to safeguard the organization's IT infrastructure, data, and operations.
  - Review and update security policies and procedures to remain compliant with regulatory and industry standards.

- Cross-Functional Collaboration:
  - Work closely with IT, Legal, HR, Compliance, and Business Units to assess and manage risk, ensuring alignment with corporate objectives and risk appetite.
  - Collaborate with stakeholders to implement appropriate security controls and strategies.

- External Audits and Liaison:
  - Serve as the primary liaison with external auditors, assisting with audit planning, preparation, and the timely resolution of audit findings.
  - Coordinate the preparation of necessary documentation and evidence required for external audits related to IT risk and compliance.


Qualifications

- Bachelor's degree in Information Technology, Cybersecurity, Business Administration, or a related field (Master's degree preferred).
- 7+ years of experience in IT Risk, Compliance, or Information Security, with at least 3 years in a leadership or management role.
- Demonstrated expertise in Regulatory Compliance frameworks such as SOX, SOC, HIPAA, NIST CSF, CIS, and HITRUST.
- Strong understanding of IT General Controls (ITGCs), Risk Management, and Security Awareness Programs.
- Experience working cross-functionally with IT, Legal, HR, Compliance, and business units.
- Relevant certifications such as CISSP, CISM, CISA, CRISC, or equivalent preferred.
- Strong knowledge of risk assessment methodologies and risk mitigation strategies.
- Ability to develop, implement, and enforce security policies.
- Exceptional interpersonal and communication skills with the ability to engage and influence senior leadership and cross-functional teams.
- Strong analytical and problem-solving abilities.
- Experience with vendor risk management and third-party assessments.
- Travel up to 25%.

About our Line of Business

BrightSpring Health Services provides complementary home- and community-based pharmacy and provider health solutions for complex populations in need of specialized and/or chronic care. Through the Company's service lines, including pharmacy, home health care and primary care, and rehabilitation and behavioral health, we provide comprehensive and more integrated care and clinical solutions in all 50 states to over 450,000 customers, clients and patients daily. BrightSpring has consistently demonstrated strong and often industry-leading quality metrics across its service lines while improving the quality of life and health for high-need individuals and reducing overall costs to the healthcare system. For more information, please visit www.brightspringhealth.com. Follow us on Facebook, LinkedIn, and X.