Director, Governance, Risk & Compliance jobs in United States

NextGen Healthcare · 8 hours ago

Director, Governance, Risk & Compliance

NextGen Healthcare is seeking a Director of Governance, Risk & Compliance to lead a team of analysts in building and maintaining an effective GRC program. The role involves collaborating with various departments to implement security controls, manage compliance initiatives, and oversee risk management processes.

Analytics, Electronic Health Record (EHR), Health Care, Information Services, Medical

H1B Sponsor Likely

Responsibilities

Establish IT audit procedures relevant to HITRUST/HIPAA, ISO 27001, SOC 2, and other data protection or privacy-related regulations
Provide governance and security oversight around the company’s adoption and use of AI, LLMs, and other generative-AI capabilities
Evaluate and test the design and operating effectiveness of technical and administrative security controls
Maintain and manage the Third-Party Risk Management program and its integration with vendor- and customer-related security obligations, requirements, and contractual agreements
Work closely with the CISO to develop and implement strategies for governance and compliance related to corporate-wide security initiatives
Design and implement data protection policies, processes, and procedures that align with HIPAA and Information Security policies, especially for cloud-hosted data environments and customer data handling throughout the development lifecycle
Implement and manage an Identity Governance Program to ensure appropriate authorization to key resources, including the development of a Role Based Access Control and Role Review process
Develop training programs and FAQs related to data protection, privacy and secure data handling procedures
Provide oversight and guidance for periodic security assessments to ensure compliance with information security policies and established security controls
Develop metrics and compliance dashboards to measure progress for security initiatives and communicate team accomplishments and the effectiveness of audited security controls and processes
Maintain and mature the Risk Register, Policy Exception Tracking, and Security Dashboard processes, standards, and components
Ensure applications, networks, systems, cloud services, people, and processes are assessed, monitored, and audited in accordance with security controls related to SOC 2, ISO 27001, HITRUST/HIPAA, and the corporate Information Security Policy
Work closely with cross-functional teams to ensure security controls have been designed effectively and are working as intended
Identify control deficiencies and weaknesses and recommend remediation plans for improvement
Create, manage and hold staff accountable for corrective action plans (CAPs)
Implement a process for continuous improvement of IT controls
Work with internal and external resources to conduct and manage an assessment program for compliance requirements, including auditing and monitoring of privileged access to critical information systems, authentication and authorization processes, change control processes, and IT operations processes
Work closely with the Engineering teams to automate monitoring and auditing to reduce manual effort required for compliance activities
Develop communication plans for executive-level reporting
Lead the team in the development and evolution of security roadmaps, embodiment of strategic plans, understanding controls and process gaps, providing architectural vision, and enabling the larger information security team
Hire, grow and retain team members to expand the team and its capabilities within the organization
Perform assessments of security tools, vendors, and solutions to support information security roadmap initiatives
Act as an advocate for mentoring and technical career growth in the information security organization
Act as a liaison with other internal NextGen teams, driving new capabilities, product investments, and research to fill coverage gaps
Provide assistance and guidance to Sales and Support teams across various customer engagements
Regularly provide key performance and risk indicator metrics for management visibility into the status, health, and maturity of the Information Security Program at NextGen

Qualifications

Governance, Risk & Compliance, IT audit procedures, Information Security policies, Data protection policies, HITRUST/HIPAA compliance, ISO 27001, SOC 2, Project management, Analytical skills, Vendor management, Client-facing discussions, Organizational skills, Documentation skills, Team management, Communication skills

Required

Bachelor's degree in Computer Science, Programming, Engineering, or similar field
Or, any combination of education and experience which would provide the required qualifications for the position
4+ years of experience in Information Security with an emphasis on IT audit, IT risk management and/or IT compliance
Prior experience with managing a GRC team
Extensive background in information security services and operations and the people, process, and technology components
Significant experience in fulfilling business needs through the development of solutions through well-organized processes
Experience in client-facing discussions with new and existing customers to discuss security controls and implementations
Significant Service Management and/or vendor management experience
Knowledge of technical security control environments and compliance frameworks, including CSA CCM, ISO 27001, SOC 2, HITRUST/HIPAA, and GDPR
Excellent analytical, technical and internal audit skills
Excellent organizational and documentation skills
Strong project management skills highly desired
Proven ability to manage priorities and deadlines and to work independently in a highly dynamic and diverse environment with multiple concurrent projects
Appropriate certifications a plus

Company

NextGen Healthcare

NextGen Healthcare offers a range of software, services, and analytics solutions to medical and dental group practices. It is a sub-organization of Quality Systems.

H1B Sponsorship

NextGen Healthcare has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for reference (data powered by the US Department of Labor).

Trends of Total Sponsorships
2024 (4)
2023 (4)
2022 (3)

Funding

Current Stage
Late Stage
Total Funding
unknown
Key Investors
Mumbai Angels
2025-05-02 Acquired
2015-02-16 Series Unknown

Leadership Team

David Sides, Board Member
Company data provided by crunchbase