• Director of IT Risk and Compliance

    BrightSpring Health Services (Louisville, KY)


    Our Company

     

    BrightSpring Health Services

     

    Overview

     

    The Director of IT Risk and Compliance will lead the organization's efforts to identify, assess, and mitigate IT-related risks while ensuring adherence to regulatory and industry standards. This role will oversee the development and enforcement of security policies, manage the risk register, and foster a culture of security awareness. The Director will collaborate cross-functionally with IT, Legal, HR, Compliance, and business units, serving as a key liaison with external auditors to maintain compliance and safeguard organizational assets.

    Responsibilities

    Risk Management:

    o Lead the development and management of the company’s Risk Register, ensuring all identified IT risks are accurately documented and regularly updated.

    o Oversee Risk Assessments to evaluate and prioritize security risks, vulnerabilities, and threats across the organization.

    o Conduct periodic Vendor Risk Management assessments to evaluate the security posture and compliance of third-party vendors.

    Compliance Management:

    o Ensure adherence to relevant regulatory requirements, including SOX, SOC, HIPAA, NIST CSF, CIS, and HITRUST, and keep the organization prepared for audits.

    o Develop and maintain IT General Controls to ensure compliance with applicable regulatory frameworks and best practices.

    o Manage the organization’s Security Awareness program to ensure employees are educated on best practices, risks, and security policies.

    Security Policy Development and Enforcement:

    o Lead the development, implementation, and enforcement of IT Security Policies to safeguard the organization’s IT infrastructure, data, and operations.

    o Review and update security policies and procedures to remain compliant with regulatory and industry standards.

    Cross-Functional Collaboration:

    o Work closely with the IT, Legal, HR, Compliance, and Business Units to assess and manage risk, ensuring alignment with corporate objectives and risk appetite.

    o Collaborate with stakeholders to implement appropriate security controls and strategies.

    External Audits and Liaison:

    o Serve as the primary liaison with external auditors, assisting with audit planning, preparation, and the timely resolution of audit findings.

    o Coordinate the preparation of necessary documentation and evidence required for external audits related to IT risk and compliance.

    Qualifications

    + Bachelor’s degree in Information Technology, Cybersecurity, Business Administration, or a related field (Master’s degree preferred).

    + 7+ years of experience in IT Risk, Compliance, or Information Security, with at least 3 years in a leadership or management role.

    + Demonstrated expertise in Regulatory Compliance frameworks such as SOX, SOC, HIPAA, NIST CSF, CIS, HITRUST.

    + Strong understanding of IT General Controls (ITGCs), Risk Management, and Security Awareness Programs.

    + Experience working cross-functionally with IT, Legal, HR, Compliance, and business units.

    + Relevant certifications such as CISSP, CISM, CISA, CRISC, or equivalent preferred.

    + Strong knowledge of risk assessment methodologies and risk mitigation strategies.

    + Ability to develop, implement, and enforce security policies.

    + Exceptional interpersonal and communication skills with the ability to engage and influence senior leadership and cross-functional teams.

    + Strong analytical and problem-solving abilities.

    + Experience with vendor risk management and third-party assessments.

    + Travel up to 25%

     

    About our Line of Business

     

    BrightSpring Health Services provides complementary home- and community-based pharmacy and provider health solutions for complex populations in need of specialized and/or chronic care. Through the Company’s service lines, including pharmacy, home health care and primary care, and rehabilitation and behavioral health, we provide comprehensive and more integrated care and clinical solutions in all 50 states to over 450,000 customers, clients and patients daily. BrightSpring has consistently demonstrated strong and often industry-leading quality metrics across its services lines while improving the quality of life and health for high-need individuals and reducing overall costs to the healthcare system. For more information, please visitwww.brightspringhealth.com. Follow us onFacebook (https://www.facebook.com/brightspringHS) ,LinkedIn (https://www.linkedin.com/company/brightspringhealth) , andX (https://x.com/BrightSpringHS) .

     

    ALERT: We are aware of a scam whereby imposters are posing as employees from our company. Beware of anyone requesting financial or personal information. We take pride in creating a best-in-class candidate experience. During the recruitment process, no recruiter or employee will request financial or personal information (Social Security Number, credit card, driver’s license, bank information, or payment for work equipment, etc.) from you via text or email. If you are suspicious of a job posting or job-related email mentioning our company, please contact us at [email protected] .

     

    Click here (https://www.brightspringhealth.com/careers/frequently-asked-questions/) for additional FAQ information.

     

    Job LocationsUS-KY-LOUISVILLE

    ID 2025-171098

    Line of Business BrightSpring Health Services

     

    Position Type Full-Time