Director Cybersecurity | Governance, Risk and Compliance
Company: Avera Health
Location: Lennox
Posted on: April 1, 2026
Job Description:

Location: Avera Downtown Building-Sioux Falls
Worker Type: Regular
Work Shift: Day/Evening/Weekend/Holiday Shift (United States of America)

Position Highlights

You Belong at Avera

Be part of a multidisciplinary team built with compassion and the goal of Moving Health Forward for you and our patients. Work where you matter.

A Brief Overview

The director of governance, risk management and compliance (GRC) provides leadership and direction for Avera's GRC requirements. The director is responsible for establishing and maintaining the company's overall IT and security GRC program, as well as for developing and managing an enterprise-wide information GRC program. The role includes implementation and maintenance of policies, as well as a comprehensive controls framework with third-party risk management. The director ensures Avera's technical systems and information assets are protected. Responsible for identifying, evaluating and reporting on information security risks that are important for the business to be aware of and act on accordingly. The director works in tandem with cybersecurity leadership to elevate Avera's security posture. The director of GRC must be able to influence and lead the GRC security strategy of Avera within new and existing information system capabilities. The position requires a diverse background to understand a variety of systems, including new technologies and legacy systems considered business-critical.

What you will do

GRC Team Leadership & Strategy:
(a) Lead the Governance, Risk, and Compliance (GRC) team in advancing a security maturation program.
(b) Direct the team to document, communicate, and enforce security improvements that balance risk with operational efficiency.
(c) Provide leadership in managing third-party, vendor, and partner oversight, emphasizing privacy, security, and compliance.
(d) Act as a key escalation point for risk identification and mitigation planning.

Security Oversight & Risk Management:
(a) Ensure rigorous oversight of security systems and configurations to reduce enterprise risk.
(b) Guide the team in confirming safeguards against risks from external entities.
(c) Maintain strategies for managing audits, compliance checks, and external assessments.

Business Integration & Operational Alignment:
(a) Collaborate with business units during solution onboarding to ensure security controls are in place.
(b) Oversee vendor risk assessments and enforce consistent process adherence across departments.
(c) Inspire adoption of cybersecurity controls to reduce the organizational attack surface.

Compliance & Audit Engagement:
(a) Liaise with internal and external auditors to implement and maintain compliance with privacy and security laws.
(b) Align team efforts with audit and risk management leadership for ongoing assessments and strategic planning.

Metrics, Reporting & Program Evaluation:
(a) Influence and validate metrics used to assess the success of the security program.
(b) Regularly report program performance to security and business leadership.
(c) Promote alignment with enterprise risk management principles in documentation and system configuration.

Incident Response & Documentation:
(a) Assign team members to monitor and document incident response activities.
(b) Ensure thorough tracking of security incidents, resolutions, and lessons learned.

Security Awareness & Communication:
(a) Maintain up-to-date knowledge of regulatory, privacy, and security best practices.
(b) Effectively communicate GRC controls and security practices across business units, including third-party integrations and financial systems.

Responsibilities include interviewing, hiring, developing, training, and retaining employees; planning, assigning, and leading work; appraising performance; rewarding and coaching employees; addressing complaints and resolving problems.

Essential Qualifications

The individual must be able to work the hours specified. To perform this job successfully, an individual must be able to perform each essential job function satisfactorily including having visual acuity adequate to perform position duties and the ability to communicate effectively with others, hear, understand and distinguish speech and other sounds. These requirements and those listed above are representative of the knowledge, skills, and abilities required to perform the essential job functions. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential job functions, as long as the accommodations do not cause undue hardship to the employer.

Required Education, License/Certification, or Work Experience:
Bachelor's in computer science, cybersecurity or similar.
At least 10 years cybersecurity or information technology experience.
Demonstrated leadership experience and understanding of various regulatory requirements and laws.
Proven understanding of business focus and processes, and ability to inject cybersecurity into the business through teamwork and influence.

Preferred Education, License/Certification, or Work Experience:
Master's in computer science, cybersecurity or similar.
Certified Information Systems Security Professional (CISSP) - International Information System Security Certification Consortium (ISC2)
Certified Information Security Manager (CISM) - ISACA
Certified Information Systems Auditor (CISA) - ISACA
Certified Cloud Security Professional (CCSP) - International Information System Security Certification Consortium (ISC2)
At least 5 years leadership experience.
Understanding of service design, delivery concepts and control frameworks.

Expectations and Standards

Commitment to the daily application of Avera’s mission, vision, core values, and social principles to serve patients, their families, and our community.
Promote Avera’s values of compassion, hospitality, and stewardship.
Uphold Avera’s standards of Communication, Attitude, Responsiveness, and Engagement (CARE) with enthusiasm and sincerity.
Maintain confidentiality.
Work effectively in a team environment, coordinating work flow with other team members and ensuring a productive and efficient environment.
Comply with safety principles, laws, regulations, and standards associated with, but not limited to, CMS, The Joint Commission, DHHS, and OSHA if applicable.

Benefits You Need & Then Some

Avera is proud to offer a wide range of benefits to qualifying part-time and full-time employees. We support you with opportunities to help live balanced, healthy lives. Benefits are designed to meet needs of today and into the future.
PTO available day 1 for eligible hires.
Up to 5% employer matching contribution for retirement
Career development guided by hands-on training and mentorship

Avera is an Equal Opportunity Employer - Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, Veteran Status, or other categories protected by law. If you are an individual with a disability and would like to request an accommodation for help with your online application, please call 1-605-504-4444 or send an email to talent@avera.org.