Cybersecurity GRC Manager, FCH - IT - SECURITY

Remote Full-time
Discover. Achieve. Succeed. #BeHere


Location: US:WI:MENOMONEE FALLS at our WOODLAND PRIME 400 facility.
This job is REMOTE.
FTE: 1.000000
Standard Hours: 40.00
Shift: Flexible 1st shift between 7 am and 5 pm
Shift Details: Holidays: Weekends:
Job Summary:

Healthcare security isn’t a compliance checkbox problem — it’s a patient safety problem. At Froedtert ThedaCare, the Cybersecurity GRC Manager owns the program that connects our governance posture to real-world risk outcomes for patients, clinicians, and the communities we serve across Wisconsin.
This is a high-visibility, high-autonomy leadership role inside a Cybersecurity & Infrastructure team that operates with strategic intent and operational rigor. You will build and run a team of 5+ GRC professionals, serve as the internal subject matter authority on compliance and risk, and translate complex regulatory requirements into actionable programs that the broader organization can execute against.
If you’ve built GRC programs from scratch (or rebuilt ones that needed it), know your way around a HIPAA gap analysis and a third-party risk assessment in equal measure, are people-focused, and lead with clarity rather than bureaucracy — this is the role for you
People Leadership
•Lead, mentor, and grow a team of 5+ GRC analysts and specialists across compliance, risk, policy, and awareness domains
•Establish clear role expectations, development pathways, and performance standards for each team member
•Foster a team culture that balances rigor with pragmatism — we care about outcomes, not just documentation

HIPAA & Healthcare Compliance
•Serve as the organization’s functional lead for HIPAA Privacy and Security Rule compliance, including ongoing gap assessment and remediation tracking
•Coordinate with Legal, Privacy, and Clinical Operations to ensure compliance obligations are understood and operationalized across the enterprise
•Oversee preparation for and response to regulatory inquiries, OCR investigations, and audit activity

Risk Management & Third-Party Risk
•Own the enterprise cybersecurity risk register, ensuring risks are identified, assessed, prioritized, and tracked to resolution
•Lead the third-party risk management program, including vendor onboarding assessments, ongoing monitoring, and risk-tiering across the supply chain
•Develop risk reporting for executive and board audiences, translating technical risk into business impact language

Policy & Controls Frameworks
•Own the cybersecurity policy lifecycle: authorship, review cadence, version control, approval workflows, and exception management
•Maintain alignment to NIST CSF, managing control mapping, evidence collection, and control effectiveness measurement
•Drive continuous improvement of the controls environment based on assessment findings, threat intelligence inputs, and regulatory changes

Audit & Assessment Management
•Serve as the primary point of contact and program lead for internal and external cybersecurity audits and assessments
•Coordinate evidence collection, manage stakeholder readiness, and oversee finding remediation tracking through to closure

•Develop and maintain audit-ready documentation across all GRC domains

Security Awareness & Phishing Simulation
• Own the enterprise security awareness program, including curriculum development, delivery scheduling, and effectiveness measurement
• Manage the phishing simulation program end-to-end: scenario design, cadence, metrics, and targeted follow-up training for at-risk populations

• Tailor awareness content for diverse audiences — from clinical staff to executive leadership — with a voice that educates rather than shames
EXPERIENCE DESCRIPTION:



• A minimum of six year experience in a related field.
• Prefer 3+ years leading or managing a team in a GRC, compliance, or risk management capacity
• Prefer experience in a healthcare or other highly regulated industry, with direct exposure to HIPAA compliance obligations
• Demonstrated experience managing a third-party risk program, including vendor assessments and risk tiering
• Prefer prior experience building or significantly maturing a GRC program, not just maintaining one
• Prefer experience managing external audits or assessments (SOC 2, HITRUST, OCR, internal audit, etc.)
EDUCATION DESCRIPTION:
A Bachelors degree is required.
Bachelors in Computer Science or similar degree is preferred.
SPECIAL SKILLS DESCRIPTION:
• In-depth knowledge of cybersecurity frameworks including but not limited to NIST CF, HITRUST CSF, ISO 27001.
• Experience in managing or leading security organizations responsible for GRC, Cybersecurity, Medical Device Security, Security Operations Centers.
• Understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SEM, FW, Audit.
• Demonstrated record of managing third party security services, preferably with the cloud providers.
• Experience in Healthcare industry is preferred.
• Ability to communicate and represent IT Security organization with all business partners and third party vendors.
• Strong oral, presentation, writing skills. and demonstrated record to deliver results.
• Ability to build relationships with business stakeholders of the IT Security program
• Familiarity with HIPAA Privacy and Security Rules and their operational implications for a large health system
• Ability to develop and present executive-level risk reporting that communicates risk in business impact terms
• Comfort operating in a matrixed environment with multiple stakeholder groups including Legal, HR, IT, Clinical Operations, and executive leadership




Certifications
• Prefer CISSP, CISM, CRISC, HCISPP, or equivalent certification

• Prefer Certified in Healthcare Privacy and Security (CHPS) or equivalent

Compensation, Benefits & Perks at Froedtert Health
Pay is expected to be between: (expressed as hourly) $49.15 - $84.07. Final compensation is based on experience and will be discussed with you by the recruiter during the interview process.
Froedtert Health Offers a variety of perks & benefits to staff, depending on your role you may be eligible for the following:
Paid time off
Growth opportunity- Career Pathways & Career Tuition Assistance, CEU opportunities
Academic Partnership with the Medical College of Wisconsin
Referral bonuses
Retirement plan - 403b
Medical, Dental, Vision, Life Insurance, Short & Long Term Disability, Free Workplace Clinics
Employee Assistance Programs, Adoption Assistance, Healthy Contributions, Care@Work, Moving Assistance, Discounts on gym memberships, travel and other work life benefits available


The Froedtert & the Medical College of Wisconsin regional health network is a partnership between Froedtert Health and the Medical College of Wisconsin supporting a shared mission of patient care, innovation, medical research and education. Our health network operates eastern Wisconsin's only academic medical center and adult Level I Trauma center engaged in thousands of clinical trials and studies. The Froedtert & MCW health network, which includes ten hospitals, nearly 2,000 physicians and more than 45 health centers and clinics draw patients from throughout the Midwest and the nation.

We are proud to be an Equal Opportunity Employer who values and maintains an environment that attracts, recruits, engages and retains a diverse workforce. We welcome protected veterans to share their priority consideration status with us at 262-439-1961. We maintain a drug-free workplace and perform pre-employment substance abuse testing. During your application and interview process, if you have a need that requires an accommodation, please contact us at 262-439-1961. We will attempt to fulfill all reasonable accommodation requests.
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Experienced Data Entry Specialist – Part-time Remote Opportunity with careerzynith

Remote

**Experienced Customer Service Representative – Work From Home Opportunities at arenaflex**

Remote

Experienced Risk Management Director – Data Science and Business Analytics

Remote

Regional Business Manager

Remote

Profi - Selbständige Außendienstpartner (m/w/d) (Bad Hersfeld, DE, 36251)

Remote

Surgical Account Manager - Twin Cities

Remote

Remote Bilingual Field Interviewer (Hmong/English)

Remote

Genetic Counsellor

Remote

**Experienced Data Entry Specialist and Transcriber – Remote Opportunity at arenaflex**

Remote

Apply Now: Need Substitute Teacher in Elmwood Park, NJ

Remote
← Back