Manager, IT Risk & Compliance

Company: Great Expressions Dental Centers
Location: Southfield
Posted on: February 23, 2021

Job Description:

Company Overview:Great Expressions Dental Centers (GEDC) is one of the most established, single brand dental organizations in the United States. Founded in Michigan over 45 years ago and now serving patients in nine states across 255 dental offices, the Great Expressions strategic objective is to become the leading national Dental Services Organization-fueled by the Best Team Members working in a Best Place to Work culture that culminates in delivering the Best Patient Experience in the industry.
Job Summary The Manager, IT Risk and Compliance is responsible for ensuring technologies and processes during the planning, execution, and delivery stages meet IT security, risk, and compliance requirements. The role is responsible for ensuring the technology portion of the company's IT General, HIPAA and PCI-DSS Controls meet or exceed the published specifications or as set by the company's Chief Compliance Officer. This team member plays a crucial role in executing the company's Compliance Program and makes recommendations to various leadership levels for enhancing processes and controls and improving documentation to meet IT compliance requirements. The position is responsible for all IT Compliance initiatives through thought leadership and collaborating with internal and external stakeholders.
Supervisory Responsibilities:

• None - it does not apply to the position
  Duties & Responsibilities:
  • Plan, define, design, and implement information technology and data compliance processes, configurations, and technologies and support compliance reviews with internal and external stakeholders to provide timely deliverables and rapid remediation.
  • Lead information IT Risk and Compliance projects throughout all phases, coordinating and driving communication, facilitating decisions, and ensuring follow-through on the execution of projects with internal and external
  • Develop compliance metrics and performance dashboards for regular reporting to all organization levels on performance and Compliance status and performance.
  • Works with the Chief Compliance Officer and other stakeholders to review existing Compliance scope and identify areas for control rationalization, control enhancement, and testing approach changes.
  • Create and administer training and awareness programs for control owners and end-users.
  • Stays current and communicates security regulations, industry trends, new threats and attack techniques, mitigation techniques, & emerging security technologies.
  • Responsible for managing all Computer Incident Response Team Activities
  • Collaborate with IT technology and process owners to ensure timely completion of scheduled and ad-hoc audits and compliance.
  • Collaborate with Development teams and business and system owners regarding testing of new risk and compliance-related software capabilities, programs, and applications.
  • Assists in annual planning and maintenance of the IT risk control matrix for relevant IT systems and controls.
  • Review and help refine controls and compliance processes and identify opportunities to ensure proactive management and mitigation of risks.
  • Partners closely with cross-functional teams, including IT Operations, IT Business and Practice Systems, Accounting, Finance, and Internal/External Audit.
  • Ensure new software programs meet compliance requirements before they are made operational.
  • Review vendor SOC evaluations for adequacy and identify exceptions and work with internal leads to ensure exceptions are appropriately addressed and other complementary controls are in place and operating effectively
  • Special projects as assigned
  • Travel may be required (less than 20% of time)
  • Other IT-related duties as assigned by Manager
    Required Skills/Abilities:
    • Strong background in information technology and a clear understanding of the challenges of information security
    • Excellent communication and presentation skills
    • Excellent organization, time and project management skills with the ability to work independently and proactively
    • Strong analytical and problem-solving ability
    • Ability to operate when requirements are not clear and manage dynamic changes to environment.
      Education & Experience:
      • Bachelor's degree in computer science, information technology, or a related field or equivalent experience
      • 5 years of experience with project or program management, governance and security processes
      • 5 years of experience with one or more security compliance frameworks: AICPA Trust Principles (SSAE 16 - SOC 2 and 3), NIST, ISO 27000 Series, PCI DSS, HIPAA, SOX, SANS CIS Critical Security Controls, regulations governing personally identifiable information and other regulatory compliance frameworks.
        Certificates, Licenses, Registrations:
        • CISA (CISM, CISSP is a bonus)
          Physical Requirements:
          • Prolonged periods of sitting at a desk and working on a computer
          • Must be able to lift up to 15 pounds at times

Keywords: Great Expressions Dental Centers, Southfield , Manager, IT Risk & Compliance, IT / Software / Systems , Southfield, Michigan