Apply now »

Lead Security GRC Analyst

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

Job Description – Lead, Cybersecurity GRC Compliance Management

Role Summary

The Lead – Cybersecurity GRC Compliance Management is responsible for leading, governing, and continuously maturing the organization’s cybersecurity compliance program. This role provides strategic and operational leadership to ensure compliance with regulatory, legal, and internal cybersecurity requirements through strong governance, control assurance, audit readiness, and risk-based decision-making.

The role acts as a compliance leader and trusted advisor, partnering with Cyber Engineering, IT, Privacy, Legal, Risk Management, and Internal Audit teams to embed compliance by design into technology initiatives and enterprise operations.

Key Responsibilities

Compliance Program Leadership

- Lead enterprise-wide cybersecurity compliance programs aligned to HIPAA, NIST CSF, NIST 800-53, ISO 27001, CIS Benchmarks, PCI-DSS, and SOX

- Define compliance strategy, operating model, and annual roadmap aligned with enterprise risk appetite

- Ensure consistent interpretation and application of regulatory and security requirements across the organization

- Provide leadership oversight for compliance assessments, reviews, and remediation initiatives

Control Assurance & Risk Oversight

- Lead the cybersecurity control lifecycle including control design, implementation guidance, testing, evidence management, and continuous assurance

- Oversee compliance gap assessments and control maturity evaluations across platforms, applications, and infrastructure

- Review high-risk findings, drive prioritization, and ensure effective remediation and closure

- Support risk acceptance and exception decisions with clear articulation of residual risk and business impact

Policy, Standards & Governance

- Own the cybersecurity policy, standards, and procedures lifecycle including creation, review, approval, publication, and periodic refresh

- Ensure policies and standards align with regulatory requirements, industry frameworks, and evolving threat landscapes

- Chair or contribute to governance forums related to compliance, risk, and policy decisions

- Govern cybersecurity policy exceptions and deviations in alignment with formal risk acceptance processes

Audit, Regulatory & Assurance Leadership

- Lead coordination for internal audits, external audits, and regulatory examinations related to cybersecurity compliance

- Serve as the primary liaison between Cybersecurity, Internal Audit, Enterprise Risk, and regulatory stakeholders

- Ensure audit readiness, timely evidence submission, and closure of audit findings

- Drive improvements based on audit outcomes and regulatory feedback

Reporting, Metrics & Continuous Improvement

- Define and present executive-level compliance dashboards, KPIs, and risk metrics for leadership and governance forums

- Track compliance posture, control effectiveness, audit findings, and remediation progress

- Identify systemic compliance gaps, emerging regulatory risks, and improvement opportunities

- Drive automation, tooling enhancements, and process maturity across GRC and compliance functions

Required Skills & Experience

- 5–8+ years of experience in cybersecurity governance, risk, or compliance roles

- Demonstrated experience leading enterprise-scale cybersecurity compliance programs

- Strong knowledge of regulatory and security frameworks including HIPAA, NIST, ISO, PCI, and CIS

- Hands-on experience with audits, regulatory reviews, and control assurance

- Experience with enterprise GRC platforms and workflows (ServiceNow preferred)

- Strong leadership presence with the ability to influence senior stakeholders

- Excellent written and verbal communication skills, including executive reporting

Preferred Qualifications

- Experience in healthcare or other highly regulated industries

- Certifications such as CISA, CRISC, CISM, CISSP, or ISO 27001 Lead Implementer/Auditor

- Experience driving compliance maturity, automation, or transformation initiatives

Key Success Metrics

- Strong and sustainable cybersecurity compliance posture

- Improved audit outcomes and reduction in repeat findings

- Timely closure of high-risk compliance gaps

- Clear executive visibility into compliance and control health

- Mature, scalable, and well-governed compliance operations

Providence’s vision to create ‘Health for a Better World’ aids us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, and to promote individuality and diversity of thought and background, and acknowledge its role in the organization’s success. This makes us committed towards equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy, or related needs, mental or sensory disability, HIV Status, or any other category protected by applicable law. In furtherance to our mission in building a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline also, read our Code of Conduct.

Apply now »