
Director - InfoSec Governance, Risk and Compliance - Hybrid
Option Care Health Inc., Chicago, IL, United States

# Director - InfoSec Governance, Risk and Compliance - Hybrid

Bannockburn, Illinois

**Extraordinary Careers. Endless Possibilities.**

**With the nation’s largest home infusion provider, there is no limit to the growth of your career.**

Option Care Health, Inc. is the largest independent home and alternate site infusion services provider in the United States. With over 8,000 team members including 5,000 clinicians, we work compassionately to elevate standards of care for patients with acute and chronic conditions in all 50 states. Through our clinical leadership, expertise and national scale, Option Care Health is re-imagining the infusion care experience for patients, customers and team members.

Join a company that is taking action to develop an inclusive, respectful, engaging and rewarding culture for all team members. At Option Care Health your voice is heard, your work is valued, and you’re empowered to grow. Cultivating a team with a variety of talents, backgrounds and perspectives makes us stronger, innovative, and more impactful. Our organization requires extraordinary people to provide extraordinary care, so we are investing in a culture that attracts, hires and retains the best and brightest talent in healthcare.

**Job Description Summary:**

The Director of Information Security Governance, Risk & Compliance (GRC) is responsible for leading the enterprise-wide information security and IT GRC program, ensuring protection of electronic Protected Health Information (ePHI) and alignment with regulatory, contractual, and risk management obligations. This role drives the design, implementation, and continuous improvement of a comprehensive GRC program that delivers measurable risk reduction, audit readiness, and control maturity across clinical, operational, and corporate environments.

The Director works closely with IT, Business Operations, Compliance, Privacy, Legal, Internal Audit, and Enterprise Risk Management. The role has direct accountability for HIPAA security governance, NIST framework adoption, third-party risk management, SOX IT controls coordination, and business continuity and incident readiness.

**Job Description:**

**Job Responsibilities** (listed in order of importance and/or time spent)

- Lead the enterprise information security and IT risk management program, including identification, assessment, classification, and measurement of risks impacting healthcare operations and ePHI.
- Lead the enterprise information security governance program, including development and maintenance of policies, standards, procedures, and control narratives
- Lead a scalable third-party risk management program covering security and privacy assessments, risk tiering, remediation tracking, and continuous monitoring
- Lead enterprise-wide security education and awareness programs for employees, contractors, and vendors
- Develop executive-level metrics and dashboards translating technical risk into business-relevant insights
- Present security risk, compliance posture, and investment needs to leadership
- Provide governance oversight for incident response and lead enterprise tabletop exercises
- Expand Data Governance program in alignment with privacy and compliance
- Support the AI Governance Committee with effective implementation of governance controls around enterprise AI use
- Maintain and govern the InfoSec and IT risk register, including risk ownership, treatment plans, exception handling, and align with Enterprise Risk Management.
- Develop and maintain key risk and performance metrics (KRIs/KPIs), dashboards, and trend analyses demonstrating risk posture and maturity improvements
- Lead control maturity and compliance programs aligned to NIST-CSF, SOC 2, SOX IT General Controls (ITGC), and other applicable regulatory or assurance frameworks
- Coordinate external audits and assessments, serving as the primary liaison for auditors and assessors
- Identify and research potential performance improvement opportunities in leveraging security benchmarks and best practices.
- Lead, mentor, and develop a high-performing GRC team.

**Supervisory Responsibilities** (i.e. hiring, recommending/approving promotions and pay increases, scheduling, performance reviews, discipline, etc.)

No / Yes - X

**Basic Education and/or Experience Requirements**

- Bachelor’s degree required; Master’s degree preferred in relevant field.
- 10+ years of progressively responsible experience in information security, IT and InfoSec risk, governance, compliance, metrics, business continuity, and training.
- 5+ years direct management experience leading