Consensus Cloud Solutions

Director, Information Security, Governance, Risk and Compliance (GRC)

Consensus Cloud Solutions is a publicly traded, leading digital cloud fax and interoperability solutions organization in the United States and globally, focusing on connecting and empowering healthcare providers, payers, care teams, and technology innovators to unify multiple systems that wouldn’t otherwise talk to each other. Consensus is a trailblazer in our industry and believes that data transformation will reshape the world of healthcare.

Founded over 25 years ago, Consensus leverages its technology heritage to move from simple digital documents to advanced healthcare standards (HL7/FHIR) for secure data transport, as well as Natural Language Processing (NLP) and Artificial Intelligence (AI) to convert unstructured to structured, analytics-ready data, helping users unveil information that is meaningful and actionable for better patient care.

With more than 11 million users worldwide, Consensus leads the industry in data exchange solutions and we’re only getting started! With exciting new initiatives on the horizon, we are continuing our strategic expansion and we are looking to add to our diverse team of innovators.

Now is the ideal time to join us in our mission to solve healthcare’s biggest challenges, and work collaboratively with a diverse team of like-minded self-starters and partners to accomplish it.

Consensus Cloud Solutions is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive and equitable environment for all employees. We offer many remote and hybrid career opportunities.

How You Will Impact The Organization…

In this role, you will lead a team of information security GRC professionals to achieve certifications like HITRUST, ISO 27001, SOC 2, PCI, and FedRAMP, demonstrating cybersecurity assurance for internal operations and customers. You will collaborate with executives and various departments, including Engineering, Product Development, IT, Network Operations, Project Management, Sales, Marketing, Legal, Internal Audit, HR, and external partners, to maintain a top-tier security risk and compliance posture for Consensus Cloud Solutions. Daily interaction with Security Operations and Security Engineering teams is essential to ensure synergy, compliance monitoring, and support for security incident responses. Reporting to the VP of Information Security and CISO, you will be pivotal in strengthening our unified security and compliance framework. Responsibilities include managing security risk and compliance initiatives, conducting security training and phishing simulations, performing security vendor risk assessments, maintaining the customer-facing trust center, handling security inquiries, leading information security audits and product security certifications, coordinating business continuity exercises, continuous monitoring, and executive reporting. By aligning security initiatives with company goals, you will ensure our solutions remain secure, reliable, and trusted by customers.

The value you will deliver…

  • Manage the organization's security risks, risk registers, and treatment plans. Coordinate with business stakeholders and lead point-in-time and annual security risk assessments on SaaS, IaaS, and PaaS products and solutions. Lead GRC participation in the SDLC to assure compliance with policy requirements.
  • Lead a team of information security GRC professionals to streamline and accomplish security certifications and attestations on SaaS, IaaS, and PaaS products and solutions covering HITRUST, ISO 27001, SOC 2, PCI, and FedRAMP annually, demonstrating cybersecurity assurance internally and to customers.
  • Collaborate with staff across multiple products and departments, including Engineering, Product Development, IT, Network Operations, Project Management, Sales, Marketing, Legal, Internal Audit, HR, and external partners to maintain a world-class security risk and compliance posture for the company.
  • Conduct company-wide security training, phishing simulations, and awareness programs to educate employees on security best practices and reduce the risk of security incidents.
  • Perform security vendor risk assessments to evaluate and manage third-party security risks, ensuring all vendors meet the company’s security standards.
  • Develop and maintain a customer-facing trust center to provide transparency and build customer trust by clearly communicating the company's security practices and certifications.
  • Handle security inquiries from customers promptly and accurately, enhancing customer confidence in the company’s security posture.
  • Manage information security audits to assess and improve the company’s security posture and ensure continuous compliance with industry standards and frameworks. This includes user access reviews and other key security measures.
  • Coordinate business continuity exercises with the BCP's owners to prepare for and respond to potential disruptions, ensuring the company’s operational resilience.
  • Implement continuous real-time monitoring with security operations to identify and address non-conformities, security configuration baseline drifts, security risks, and threats while maintaining a proactive security stance across all products.
  • Provide executive and board of directors reporting on the company's security status, initiatives, and risk management efforts to ensure informed decision-making at the highest levels.
  • Develop and enforce robust security policies and procedures that align with the organization's goals and objectives, ensuring comprehensive security coverage and compliance across all products.
  • Align security initiatives with the company’s strategic goals to ensure that all solutions remain secure, reliable, and trusted by customers, supporting the company’s overall mission and business objectives.
  • Manage the design and implementation of GRC tooling and applications to ensure budget alignment and full utilization.
  • Manage programs and projects for GRC functions to ensure milestones are met and initiatives are on track within budget.
  • The role is crucial in overseeing the design and implementation of the organization's information security GRC program, including vendor risk, cloud security compliance, risk management, and organizational, administrative, and technical security controls. They ensure that security compliance is integral to the cloud technology stack.
  • Identifying, selecting, and implementing information security GRC tools and technologies that align with the organization's security program is an essential responsibility. This may include GRC platforms, training and awareness systems, third-party risk management solutions, and identity management systems.
  • Providing guidance and expertise to development and IT teams on designing and implementing secure and compliant solutions is critical. The role helps teams make informed decisions about technology and compliance choices that prioritize security.
  • Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.


What You Will Bring To The Table…

  • 10+ years of experience in an Information Security GRC role.
  • 8+ years of experience with GRC platforms for risk register management.
  • 6+ years of experience with Third-Party Risk Management (TPRM) platforms for risk register management.
  • 6+ years of experience with AWS cloud technologies.
  • 5+ years of experience leading and managing GRC professionals or equivalent experience.
  • Holding relevant security certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or Certified Information Systems Auditor (CISA) that are active and in good standing or ability to obtain within 12 months of hire.
  • Proficiency in developing and conducting company-wide security training, phishing simulations, and awareness programs to educate employees on security best practices and reduce the risk of security incidents.
  • Experience in performing security vendor risk assessments to evaluate and manage third-party security risks effectively, ensuring vendors meet the organization’s security standards.
  • Ability to develop and maintain a customer-facing trust center to provide transparency and build trust with customers by clearly communicating the company’s security practices and certifications.
  • Skill in handling security inquiries from customers promptly and accurately, enhancing customer confidence in the organization’s security posture.
  • Experience in managing information security audits to assess and improve the company’s security posture and compliance with industry standards and regulatory requirements.
  • Proficiency in overseeing product security certifications to ensure all products meet necessary security requirements and maintain their certifications.
  • Knowledge of business continuity exercises and the ability to coordinate and conduct them to prepare for and respond to potential disruptions, ensuring operational resilience.
  • Ability to implement continuous monitoring and assessment programs to identify and address security threats in real time, maintaining a proactive security stance.
  • Experience in providing executive and board of directors reporting on the company’s security status, initiatives, and risk management efforts to ensure informed decision-making.
  • Skill in developing and enforcing robust security policies and procedures that align with the organization’s goals and objectives, ensuring comprehensive security coverage.
  • Ability to develop, update, and enforce information security policies, standards, and procedures that align with industry and regulatory requirements while ensuring they are practical and effective for cloud-based solutions and infrastructures like AWS.
  • Proficiency in identifying, assessing, prioritizing, and managing information security risks and experience in developing risk mitigation strategies for SaaS, IaaS, and PaaS-based products and solutions.
  • Knowledge of regulatory requirements (e.g., GDPR, HIPAA) and experience managing compliance assessments, audits, and regulatory inspections on cloud-based products and solutions.
  • Security Certifications and Attestations: Experience in achieving and maintaining security certifications and attestations on cloud-based products and solutions (e.g., HITRUST, ISO 27001, SOC 2, PCI, FedRAMP) and ability to manage audit preparations and responses.
  • Ability to collaborate effectively across departments, including Engineering, Product Development, IT, Network Operations, Project Management, Sales, Marketing, Legal, Internal Audit, HR, and external partners.
  • Understanding security operations and incident response procedures and experience in collaborating with security operations teams to ensure effective incident response for on-premise and cloud-based systems.
  • Ability to perform security vendor risk assessments and manage third-party security risks effectively.
  • Experience in developing and conducting company-wide security training, phishing simulations, and awareness programs.
  • Experience coordinating business continuity exercises and maintaining business continuity and disaster recovery plans.
  • Ability to implement and manage continuous monitoring and assessment programs to identify and mitigate security risks in real time.
  • Strong written and verbal communication skills, with experience preparing and presenting reports and recommendations to senior leadership and the board of directors.
  • Ability to align security initiatives with the company’s strategic goals and business objectives, and experience in developing and executing security strategies.
  • Ability to develop and enforce robust security policies and procedures that align with organizational goals and objectives.
  • Commitment to ethical behavior and integrity in all aspects of information security governance, risk, and compliance.
  • Strong analytical and problem-solving skills, with the ability to analyze complex issues and propose practical solutions.
  • Ability to adapt to changing business needs and priorities and resilience to handle setbacks and challenges while maintaining a positive approach.
  • Commitment to understanding and meeting the security needs and expectations of customers and experience in building customer trust through transparent security practices.
  • Ability to design and implement a unified security compliance framework to streamline security audits and secure network, system, and application architecture.
  • Experience managing and mentoring a team of information security GRC specialists.
  • Ability to conduct or oversee penetration testing, code reviews, and security assessments.
  • Experience coordinating and responding to security incidents, including investigation, containment, and recovery.
  • Ability to select and implement security tools and technologies to enhance security posture.
  • Experience conducting security audits and reporting to senior management regularly.
  • Ability to stay informed about emerging cybersecurity threats and incorporate threat intelligence into security strategies.
  • Maintaining a solid technical understanding of cybersecurity technologies, protocols, and trends.
  • Perform other duties and responsibilities as required, assigned, or requested. Consensus reserves the right to add or change duties at any time.


You will stand out if you also have…

  • Bachelor's degree in computer science, information technology, cybersecurity, or equivalent experience. A master's degree may be preferred.
  • Typically 6-8 years of experience in cybersecurity and information security roles.
  • Proven experience in security compliance, risk management, and integrating security compliance into software development processes.
  • Proficiency in various cybersecurity technologies and tools, including security training and awareness tools, vendor risk management tools, and security compliance and risk register tools.
  • Hands-on experience with security assessment and security benchmarking testing tools.
  • Familiarity with security information and event management (SIEM) systems.
  • Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS.


Additional Details…

  • Location requirements: Fully remote within the U.S. (Los Angeles, Las Vegas or Braintree, Massachusetts preferred.)
  • Travel requirements: Up to 10% travel.
  • Physical requirements: Must be able to sit for long periods and handle long periods of screen time.
  • Technology requirements: Reliable, high-speed internet
  • Eligible for sponsorship: No
  • Security clearance: Ability to achieve and maintain a security clearance with the U.S. Government is required


The salary range for this role is up to $175,000 USD. The total compensation package for this position is negotiable and may also include an annual performance bonus, ESPP, enhanced time off packages and benefits.

We are not accepting agency submissions for this role.
  • Seniority level: Director
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
