Manager, IT Risk & Compliance
Company: Great Expressions Dental Centers
Posted on: February 23, 2021
Company Overview:
Great Expressions Dental Centers (GEDC) is one
of the most established, single brand dental organizations in the
United States. Founded in Michigan over 45 years ago and now
serving patients in nine states across 255 dental offices, the
Great Expressions strategic objective is to become the leading
national Dental Services Organization, fueled by the Best Team
Members working in a Best Place to Work culture that culminates in
delivering the Best Patient Experience in the industry.
Job Summary:
The Manager, IT Risk and Compliance is responsible for
ensuring technologies and processes during the planning, execution,
and delivery stages meet IT security, risk, and compliance
requirements. The role is responsible for ensuring the technology
portion of the company's IT General, HIPAA and PCI-DSS Controls
meet or exceed the published specifications or as set by the
company's Chief Compliance Officer. This team member plays a
crucial role in executing the company's Compliance Program and
makes recommendations to various leadership levels for enhancing
processes and controls and improving documentation to meet IT
compliance requirements. The position is responsible for all IT
Compliance initiatives through thought leadership and collaborating
with internal and external stakeholders.
- None - it does not apply to the position
Duties & Responsibilities:
- Plan, define, design, and implement information technology and
data compliance processes, configurations, and technologies and
support compliance reviews with internal and external stakeholders
to provide timely deliverables and rapid remediation.
- Lead IT Risk and Compliance projects throughout all
phases, coordinating and driving communication, facilitating
decisions, and ensuring follow-through on the execution of projects
with internal and external
- Develop compliance metrics and performance dashboards for
regular reporting to all organization levels on compliance
status and performance.
- Works with the Chief Compliance Officer and other stakeholders
to review existing Compliance scope and identify areas for control
rationalization, control enhancement, and testing approach
- Create and administer training and awareness programs for
control owners and end-users.
- Stays current and communicates security regulations, industry
trends, new threats and attack techniques, mitigation techniques, &
emerging security technologies.
- Responsible for managing all Computer Incident Response Team
- Collaborate with IT technology and process owners to ensure
timely completion of scheduled and ad-hoc audits and
- Collaborate with Development teams and business and system
owners regarding testing of new risk and compliance-related
software capabilities, programs, and applications.
- Assists in annual planning and maintenance of the IT risk
control matrix for relevant IT systems and controls.
- Review and help refine controls and compliance processes and
identify opportunities to ensure proactive management and
mitigation of risks.
- Partners closely with cross-functional teams, including IT
Operations, IT Business and Practice Systems, Accounting, Finance,
and Internal/External Audit.
- Ensure new software programs meet compliance requirements
before they are made operational.
- Review vendor SOC evaluations for adequacy, identify
exceptions, and work with internal leads to ensure exceptions are
appropriately addressed and other complementary controls are in
place and operating effectively.
- Special projects as assigned
- Travel may be required (less than 20% of time)
- Other IT-related duties as assigned by Manager
- Strong background in information technology and a clear
understanding of the challenges of information security
- Excellent communication and presentation skills
- Excellent organization, time and project management skills with
the ability to work independently and proactively
- Strong analytical and problem-solving ability
- Ability to operate when requirements are not clear and manage
dynamic changes to the environment.
Education & Experience:
- Bachelor's degree in computer science, information technology,
or a related field or equivalent experience
- 5 years of experience with project or program management,
governance and security processes
- 5 years of experience with one or more security compliance
frameworks: AICPA Trust Principles (SSAE 16 - SOC 2 and 3), NIST,
ISO 27000 Series, PCI DSS, HIPAA, SOX, SANS CIS Critical Security
Controls, regulations governing personally identifiable information
and other regulatory compliance frameworks.
Certificates, Licenses, Registrations:
- CISA (CISM, CISSP is a bonus)
- Prolonged periods of sitting at a desk and working on a
- Must be able to lift up to 15 pounds at times
Keywords: Great Expressions Dental Centers, Southfield, Manager, IT Risk & Compliance, IT / Software / Systems, Southfield, Michigan