Director, Information Technology Governance

The Director, Information Technology Governance & Risk Management will lead Point C’s IT security governance program, reporting to the CISO. This role is responsible for developing and managing security policies, overseeing risk and compliance initiatives, and ensuring alignment with HIPAA, HITRUST, and SOC 2.

This leader will drive security awareness, vendor risk management, and enterprise risk governance while translating regulatory requirements into practical, scalable processes.

Key Responsibilities

• Lead IT governance, including policy development, lifecycle management, and governance committee oversight

• Maintain an auditable policy library with structured review and approval processes

• Align security policies with HIPAA, HITRUST, SOC 2, and other regulatory frameworks

• Translate audit findings into actionable controls and remediation plans

• Own the IT security awareness and training program, including role-based training and phishing simulations

• Oversee vendor and third-party risk management, including due diligence, risk assessments, and ongoing monitoring

• Manage the IT risk register and drive risk mitigation strategies with executive reporting

• Support audit readiness through control testing, reporting, and coordination of internal/external audits

• Promote adoption of enterprise security standards across identity, access, and data protection

Qualifications

• 8+ years in information security, IT governance, or risk management

• 3+ years leading governance or compliance programs in healthcare or regulated industries

• Experience with HITRUST, SOC 2 Type II, and HIPAA

• Proven experience building policy, awareness, and vendor risk programs

• Strong risk management, stakeholder communication, and executive reporting skills

• CISA, CISSP, CRISC, or CISM preferred