Children's Health
Job Title & Specialty Area : GRC Sr Specialist
Department : IT Security
Location : Dallas, TX
Shift : Monday - Friday
Job Type : Remote (must live in Texas)
Why Children's Health? At Children's Health, our mission is to Make Life Better for Children, and we recognize that their health plays a crucial role in achieving this goal.
Through our cutting-edge treatments and affiliation with UT Southwestern, we strive to deliver an extraordinary patient and family experience, ensuring that every moment, big or small, contributes to their overall well-being.
Our dedication to promoting children's health extends beyond our organization and encompasses the broader community. Together, we can make a significant difference in the lives of children and contribute to a brighter and healthier future for all.
Summary : The IT Security Governance, Risk & Compliance (GRC) Sr Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks. Additionally, this role serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team.
Responsibilities :
Governance: Assist in developing, maintaining, and enforcing healthcare policies and procedures. Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations. Collaborate with stakeholders to ensure compliance with applicable standards and best practices. Risk Management: Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors. Develop and maintain the organization's risk register and track remediation efforts. Participate in incident response planning and tabletop exercises to improve organizational preparedness. Compliance: Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws. Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions. Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards. Reporting and Documentation: Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs). Maintain accurate documentation of compliance activities, risk assessments, and governance efforts. Collaboration and Training: Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture. Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements. Act as a liaison with external auditors, regulatory agencies, and third-party vendors. Serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team. How You'll Be Successful:
WORK EXPERIENCE
At least 3 years of experience in governance, risk and compliance roles, preferably in healthcare - required Familiarity with healthcare regulations (HIPAA, HITECH, CMS0 and industry standard (NIST, CSF, HITRUST, ISO 27001) - required EDUCATION
Four-year bachelor's degree or equivalent experience Healthcare Administration, Information Security, Risk Management, or a related field - required Graduate or professional work or advanced degree; or equivalent experience GRC related field - preferred LICENSES AND CERTIFICATIONS
CHC, CISA, CCSFP, CISSP - preferred
A Place Where You Belong
We put our people first. We welcome, value, and respect the beliefs, identities and experiences of our patients and colleagues. We are committed to delivering culturally effective care, creating meaningful partnerships in the communities we serve, and equipping and developing our team members to make Children's Health a place where everyone can contribute.
Holistic Benefits - How We'll Care for You: • Employee portion of medical plan premiums are covered after 3 years. • 4%-10% employee savings plan match based on tenure • Paid Parental Leave (up to 12 weeks) • Caregiver Leave • Adoption and surrogacy reimbursement
As an equal opportunity employer, Children's Health does not discriminate against employees or applicants because of race, color, religion, sex, gender identity and expression, sexual orientation, age, national origin, veteran or military status, disability, or genetic information or any other Federal or State legally-protected status or class. This applies to all aspects of the employer-employee relationship including but not limited to recruitment, hiring, promotion, transfer pay, training, discipline, workforce adjustments, termination, employee benefits, and any other employment-related activity.
Department : IT Security
Location : Dallas, TX
Shift : Monday - Friday
Job Type : Remote (must live in Texas)
Why Children's Health? At Children's Health, our mission is to Make Life Better for Children, and we recognize that their health plays a crucial role in achieving this goal.
Through our cutting-edge treatments and affiliation with UT Southwestern, we strive to deliver an extraordinary patient and family experience, ensuring that every moment, big or small, contributes to their overall well-being.
Our dedication to promoting children's health extends beyond our organization and encompasses the broader community. Together, we can make a significant difference in the lives of children and contribute to a brighter and healthier future for all.
Summary : The IT Security Governance, Risk & Compliance (GRC) Sr Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks. Additionally, this role serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team.
Responsibilities :
Governance: Assist in developing, maintaining, and enforcing healthcare policies and procedures. Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations. Collaborate with stakeholders to ensure compliance with applicable standards and best practices. Risk Management: Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors. Develop and maintain the organization's risk register and track remediation efforts. Participate in incident response planning and tabletop exercises to improve organizational preparedness. Compliance: Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws. Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions. Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards. Reporting and Documentation: Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs). Maintain accurate documentation of compliance activities, risk assessments, and governance efforts. Collaboration and Training: Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture. Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements. Act as a liaison with external auditors, regulatory agencies, and third-party vendors. Serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team. How You'll Be Successful:
WORK EXPERIENCE
At least 3 years of experience in governance, risk and compliance roles, preferably in healthcare - required Familiarity with healthcare regulations (HIPAA, HITECH, CMS0 and industry standard (NIST, CSF, HITRUST, ISO 27001) - required EDUCATION
Four-year bachelor's degree or equivalent experience Healthcare Administration, Information Security, Risk Management, or a related field - required Graduate or professional work or advanced degree; or equivalent experience GRC related field - preferred LICENSES AND CERTIFICATIONS
CHC, CISA, CCSFP, CISSP - preferred
A Place Where You Belong
We put our people first. We welcome, value, and respect the beliefs, identities and experiences of our patients and colleagues. We are committed to delivering culturally effective care, creating meaningful partnerships in the communities we serve, and equipping and developing our team members to make Children's Health a place where everyone can contribute.
Holistic Benefits - How We'll Care for You: • Employee portion of medical plan premiums are covered after 3 years. • 4%-10% employee savings plan match based on tenure • Paid Parental Leave (up to 12 weeks) • Caregiver Leave • Adoption and surrogacy reimbursement
As an equal opportunity employer, Children's Health does not discriminate against employees or applicants because of race, color, religion, sex, gender identity and expression, sexual orientation, age, national origin, veteran or military status, disability, or genetic information or any other Federal or State legally-protected status or class. This applies to all aspects of the employer-employee relationship including but not limited to recruitment, hiring, promotion, transfer pay, training, discipline, workforce adjustments, termination, employee benefits, and any other employment-related activity.