Director IT Governance, Risk and Compliance

BlueCross BlueShield of Tennessee is seeking a strategic and experienced Director of IT Governance, Risk, and Compliance to lead our enterprise-wide technical compliance framework. In this role, you will be responsible for identifying and mitigating risk, ensuring adherence to applicable laws and regulations, and maintaining alignment with internal policies across the organization.

You’ll play a key role in developing and implementing governance structures, managing risk assessments, and overseeing compliance activities to uphold our ethical and legal standards.

In addition to the experience and skills below, ideal candidates will bring:

• A strong background in handling protected data, preferably within healthcare systems or the health insurance industry.
• At least three years of experience in supplier risk management.
• A location within the Southeastern U.S., as quarterly travel to our Chattanooga headquarters is required.
• A track record of working successfully across divisions to manage risk for the Enterprise.

This is a high-impact leadership opportunity for someone passionate about working cross-functionally to build resilient, compliant, and forward-thinking IT environments in a mission-driven healthcare organization.

Job Responsibilities

•  Developing and managing GRC strategy: Creating a comprehensive GRC program aligned with business objectives, including risk appetite, compliance frameworks, and governance processes. 
• Risk assessment and mitigation: Conducting regular risk assessments to identify potential risks across the organization, prioritizing them based on impact and likelihood, and developing mitigation strategies to address them effectively. 
• Compliance monitoring and reporting: Implementing systems to monitor compliance with relevant laws, regulations, and internal policies, identifying non-compliance issues, and reporting findings to senior management. 
• Policy and procedure development: Creating and maintaining clear policies and procedures related to governance, risk management, and compliance to ensure consistent implementation across the organization. Evaluating the effectiveness of internal controls and recommending improvements to safeguard assets and mitigate risks. 
• Vendor risk management: Assessing the compliance posture of third-party vendors and managing potential risks associated with vendor relationships. Leading the response to compliance incidents, including investigations, corrective actions, and reporting. 
• Training and awareness: Developing and delivering training programs to educate employees on compliance requirements, ethical conduct, and risk management practices. 

Job Qualifications

 Education

• Bachelor's Degree or equivalent work experience required. Equivalent experience is defined as 4 years of professional work experience in a corporate environment.

Experience

• 10 years of Governance, Risk and Compliance experience
• 5 years of management experience

Skills/Certifications

• Deep understanding of relevant compliance frameworks like HIPAA, NIST, and industry-specific regulations. 
• Strong analytical and problem-solving skills to identify and address potential risks 
• Excellent communication and interpersonal skills to collaborate with diverse stakeholders 
• Proven leadership experience in managing complex compliance initiatives 
• Experience with technical risk assessment methodologies and data analysis 
• Expertise in internal controls and audit procedures 
• Project management skills to execute GRC initiatives efficiently 
• CISA or CISM or CIPP or CISSP is required 

G14

Number of Openings Available:

Worker Type:

Company:

Applying for this job indicates your acknowledgement and understanding of the following statements:

BCBST will recruit, hire, train and promote individuals in all job classifications without regard to race, religion, color, age, sex, national origin, citizenship, pregnancy, veteran status, sexual orientation, physical or mental disability, gender identity, or any other characteristic protected by applicable law.

Further information regarding BCBST's EEO Policies/Notices may be found by reviewing the following page:

BCBST's EEO Policies/Notices

BlueCross BlueShield of Tennessee is not accepting unsolicited assistance from search firms for this employment opportunity. All resumes submitted by search firms to any employee at BlueCross BlueShield of Tennessee via-email, the Internet or any other method without a valid, written Direct Placement Agreement in place for this position from BlueCross BlueShield of Tennessee HR/Talent Acquisition will not be considered. No fee will be paid in the event the applicant is hired by BlueCross BlueShield of Tennessee as a result of the referral or through other means.