Director, Governance, Risk & Compliance

Director, Governance, Risk & Compliance – Fresenius Medical Care

Lexington, Massachusetts (Remote)

As Director of Governance, Risk & Compliance, you will manage Information Security Governance, Risk, and Compliance programs across global business units. You will work with cross‑functional stakeholders to identify, assess, and remediate security risks, define potential business impact, and ensure that mitigation strategies and controls are effectively applied.

Responsibilities

• Manage tactical execution of short‑ and long‑term IT governance and security objectives, coordinating IT infrastructure and systems activities, and delivering results on cost, methods, and staffing.
• Oversee coordination of Information Security activities, prioritizing workflows and staffing assignments.
• Provide technical guidance and lead various IT governance and security programs and projects.
• Lead process improvement documentation related to IT security and compliance management.
• Apply technical proficiency and knowledge of industry practices and business principles to evaluate diverse situations and data.
• Manage a program to protect, govern, and monitor cybersecurity across business units, meeting specific compliance requirements.
• Direct an organization‑wide Incident Management Program in collaboration with Legal, IT, and Compliance.
• Lead the implementation and enhancement of a Cybersecurity Governance Program, including frameworks, standards, measures, reporting, practices, and procedures to meet regulatory or contractual requirements (NIST, ISO 27001/02, PCI, CCPA, GDPR).
• Develop and maintain strong partnerships with Senior IT, Legal, Compliance, HR, Internal Audit, and others to ensure effective adoption of cybersecurity compliance responsibilities.
• Participate and present at meetings with internal and external stakeholders to establish cooperative effort for team projects.
• Identify gaps and ensure remediation plans are developed to mitigate IT security vulnerabilities, exceptions, and defects.
• Ensure security technology is configured and operated per established requirements and standards.
• Collaborate with incident response, threat intelligence, and vulnerability management teams to drive remediation of security vulnerabilities based on quantified risk.
• Assist in implementing the eGRC (Enterprise Governance, Risk & Compliance) tool to support organization wide governance, risk, and compliance efforts.

Requirements

• Education: Bachelor’s degree (or equivalent foreign degree) in Information Science, Computer Science or a closely related field.
• Experience: 8 years of experience as an IT Program Manager, including 5 years working with IT governance, risk and controls frameworks (NIST CSF, 800‑53, COBIT, ITIL, ISO 27001, HITRUST, Cloud Security Alliance, etc.).
• Regulatory: Experience identifying, assessing, and mitigating regulatory and compliance risk.
• Technical: Cloud infrastructure, networking, access controls, change management, and project management using PMBOK/PMP processes.

Salary: $239,179 – $263,097 per year (40‑hour work week).

Telecommuting position working from home; may reside anywhere in the United States. Requires approximately 10% domestic and international travel by air.

EOE, disability/veterans.