MorganFranklin Cyber
GRC Manager
This range is provided by MorganFranklin Cyber. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.
Base pay range $150,000.00/yr - $180,000.00/yr
Position Overview We are seeking an experienced Governance, Risk, and Compliance (GRC) Director to join our organization and lead information security and compliance initiatives. This role will be responsible for developing, implementing, and maintaining our GRC program to ensure compliance with healthcare and payment data protection regulations while safeguarding patient and financial information.
Key Responsibilities
Develop and maintain comprehensive GRC policies, procedures, and standards aligned with HIPAA, HITECH, PCI DSS, and other healthcare regulations
Lead compliance efforts for regulatory and industry requirements including Joint Commission, CMS, PCI DSS, and state-specific mandates
Oversee the organization’s PCI DSS compliance program, including quarterly scans, self‑assessment questionnaires (SAQs), and audit readiness
Coordinate with acquiring banks, payment vendors, and Qualified Security Assessors (QSAs) during PCI DSS assessments
Manage internal and external audit processes, coordinating responses and remediation activities across HIPAA and PCI DSS domains
Maintain and update the organization’s risk register, control library, and compliance documentation
Serve as primary liaison with regulatory bodies, external auditors, and PCI compliance partners
Conduct regular risk assessments across clinical, administrative, and payment processing systems
Identify, analyze, and prioritize information security and operational risks related to cardholder data environments (CDEs)
Develop and implement risk mitigation strategies that address both healthcare and payment data risks
Monitor key risk indicators and report compliance metrics to executive leadership
Facilitate vendor risk assessments and third‑party PCI compliance evaluations
Utilize Microsoft security and compliance offerings including Microsoft Purview, Defender, and Azure Security Center (now Microsoft Defender for Cloud)
Leverage Rapid7 platform for vulnerability management, threat detection, and security analytics
Ensure segmentation and protection of the PCI cardholder data environment (CDE) using appropriate network and endpoint controls
Implement and maintain GRC tools and platforms to automate compliance workflows for HIPAA, PCI DSS, and other frameworks
Generate compliance reports and dashboards for stakeholders, including PCI DSS compliance status reports
Program Development
Design and deliver security awareness and training programs for staff, including PCI awareness for employees handling payment data
Establish and maintain incident response procedures and business continuity plans that address potential payment card data breaches
Lead cross‑functional teams in compliance projects related to HIPAA, HITECH, and PCI DSS
Develop and track key performance indicators (KPIs) for the GRC program
Foster a culture of security and payment data protection awareness throughout the organization
Required Qualifications
Education & Certifications
Bachelor's degree in Information Security, Healthcare Administration, Computer Science, or related field
One or more relevant certifications required: CISSP, CISM, CISA, or PCI Professional (PCIP) preferred
Epic and Microsoft Azure certification(s) preferred
Experience
5+ years of experience in GRC, information security, or compliance roles
3+ years of experience in a healthcare IT environment
Demonstrated experience managing compliance programs for HIPAA and PCI DSS
Experience with Microsoft security and compliance tools (Purview, Defender, Azure Security)
Hands‑on experience with Rapid7 platform for vulnerability and threat management
Working knowledge of Epic EHR security and compliance
Proven track record leading cross‑regulatory compliance initiatives (e.g., HIPAA + PCI DSS overlap management)
Technical Knowledge
Deep understanding of HIPAA Security and Privacy Rules, HITECH Act, and PCI DSS requirements
Strong knowledge of healthcare compliance frameworks and payment data protection standards
Proficiency with Microsoft 365 security stack and Azure security services
Experience with vulnerability management, penetration testing coordination, and remediation
Understanding of Epic security architecture, access controls, and audit functions
Familiarity with ISO 27001, NIST CSF, and PCI DSS control frameworks
Excellent analytical and problem‑solving abilities
Strong communication skills with ability to present to executive leadership and external assessors
Project management capabilities with attention to detail
Ability to translate technical compliance requirements (HIPAA, PCI) into business‑friendly language
Collaborative approach with cross‑functional teams
Strategic thinking balanced with tactical execution
Why Join Us
Opportunity to make a significant impact in a dynamic and growing company.
Collaborative and inclusive work environment.
Perks
Unmatched career growth opportunities.
Work with top leaders in the Cybersecurity field.
A flexible, independent work environment to excel.
Culture at our Core At MorganFranklin Cyber, our culture is the cornerstone of our success. We believe in fostering a positive, collaborative, and innovative work environment where every team member is empowered to thrive. Our core tenets guide us in everything we do, ensuring that we prioritize integrity, teamwork, and continuous growth. We are committed to making a meaningful impact for our clients and our community.
MorganFranklin Cyber is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Seniority level Mid‑Senior level
Employment type Full‑time
Job function Consulting
Industries IT Services and IT Consulting