Director- GRC Cybersecurity

Position Summary:

We are seeking an experienced and strategic Director GRC Cybersecurity to lead our Cybersecurity risk and governance efforts for India/Philippines market of R1 RCM.

This role will be responsible for overseeing the cybersecurity risk posture of the organization, client onboarding/offboarding processes, supporting security audits, and ensuring compliance with HIPAA, HITECH, and other healthcare regulatory frameworks.

The ideal candidate will bring strong leadership, a deep understanding of healthcare cybersecurity risks, and the ability to operationalize governance processes at scale.

Key duties & responsibilities

Cybersecurity Risk Governance

• Lead the third-party cybersecurity risk management program with a focus on PHI/PII protection, HIPAA compliance, and critical vendor oversight.
• Drive assessments aligned with NIST CSF and ISO framework to evaluate and mature cybersecurity program
• Establish and maintain exception management, approval management and periodic monitoring
• Collaborate with global cybersecurity and IT teams for implementing automation through GRC tools.
• Oversee onboarding and offboarding processes to ensure alignment with security policies, BAAs (Business Associate Agreements), and regulatory requirements.
• Monitor and govern third-party relationships, conducting periodic risk assessments and ensuring timely remediation of findings.

Security awareness and culture

• Design and oversee India and Philippines cybersecurity awareness and training program for employees, contractors and vendors
• Develop and communicate governance dashboards and awareness campaigns to foster a culture of shared cybersecurity responsibility
• Evaluate effectiveness of training program and tailor it based on organizational requirements

Audit & Compliance Leadership:

• Serve as key POC for client, regulatory, and third-party cybersecurity audits.
• Ensure readiness and timely response for HIPAA, SOC 2, CERT-IN assessments, and client cybersecurity reviews and audits
• Lead audit coordination across departments, track findings, and drive remediation activities to closure.
• Represent the organization during client cybersecurity audits and on-site reviews.

Governance Frameworks, Metrics & Reporting:

• Establish and maintain standard operating procedures for the organization, client onboarding/offboarding, and evidence handling.
• Define and report on KPIs and KRIs for cybersecurity governance.
• Develop executive dashboards and actionable insights for leadership, audit committees, and compliance teams.

Cross-Functional Collaboration & Risk Advisory:

• Work closely with Legal, Procurement, Compliance, and Privacy teams to embed cybersecurity controls into contracts, RFPs, and vendor due diligence.
• Advise internal business owners on security risks, remediation plans, and vendor-related compliance obligations.

Qualification

• Bachelors or Masters degree in Technology, Cybersecurity, Risk Management, or a related field.

Experience, Skills and Knowledge

• 12+ years of cybersecurity or GRC experience, with at least 5 years in a leadership role, ideally in a healthcare organization or health-tech environment.
• Good understanding of HIPAA, HITECH, HITRUST, ISO 27001, CERT-IN and regulatory frameworks.
• Proven experience managing cybersecurity risk and audit programs at scale.
• Excellent communication skills, with ability to interface with clients, vendors, operational, legal, and IT leadership.

Key competency profile

• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• HITRUST CCSFP or ISO 27001 Lead Implementer