The Governance, Risk and Compliance Director is a critical position within Teladoc Health’s Information Security team, and has governance, risk, and compliance responsibilities from a technology and security perspective across the organization. This position is responsible for building and enhancing the GRC team and portfolio of efforts to raise the overall security and compliance posture for Teladoc Health.
This individual will be directly responsible for implementing, maintaining, and improving policies, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements as well as best practices.
The role will have a compliance and risk management focus under frameworks including, but not limited to, the HIPAA Security and Privacy Rule, the HITRUST Common Security Framework (CSF), the Common Criteria (SOC 2), NIST Cybersecurity Framework, FedRAMP, ISO/IEC 27001 and others, in a way that allows Teladoc Health to meet its compliance and risk management mandates.
This individual will collaborate across various departments to identify and remediate gaps in compliance. This role will also be responsible for leading the following types of audits and activities:
- Internal compliance and procedural audits
- Vendor assessments to ensure compliance controls meet internal and customer expectations
- SOC 2 Type II audits on Teladoc Health controls
- HITRUST audits on Teladoc Health controls
- Provide leadership and guidance over FedRAMP efforts
- Other assessments as needed
- Test implemented controls and perform risk assessments based on established frameworks and Teladoc internal policies
- Mature the vendor risk management program and evaluate assessments using a risk-based approach
- Develop and maintain relevant risk metrics to promote transparency to peer teams, senior leadership and any other relevant stakeholders
- Present Teladoc’s security program during client security risk assessments, in the format of questionnaires and audits, by gathering information from across the organization as necessary
- Promote security education and awareness across Teladoc Health
- Previously held relevant security or related role(s)
- Experience with Software-as-a-Service or cloud service provider industry challenges
- Experience with consolidating security programs as part of merger and acquisition activities
- Foundational knowledge of IT Audit/compliance process and activities
- Experience working in a regulated environment enforcing policies and procedures
- SOC 2, ISO 27001, PCI, HIPAA, HITRUST, FedRAMP and GDPR experience are all big pluses
- CRISC, CGEIT, CISSP, CISM, CISA, and CPA certifications are all big pluses
Why Join Teladoc Health?
A New Category in Healthcare: Teladoc Health is transforming the healthcare experience and empowering people everywhere to live healthier lives.
Our Work Truly Matters: Recognized as the world leader in whole-person virtual care, Teladoc Health uses proprietary health signals and personalized interactions to drive better health outcomes across the full continuum of care, at every stage in a person’s health journey.
Make an Impact: In more than 175 countries and ranked Best in KLAS for Virtual Care Platforms in 2020, Teladoc Health leverages more than a decade of expertise and data-driven insights to meet the growing virtual care needs of consumers and healthcare professionals.
Focus on PEOPLE: Teladoc Health has been recognized as a top employer by numerous media and professional organizations. Talented, passionate individuals make the difference in this fast-moving, collaborative, and inspiring environment.
Diversity and Inclusion: At Teladoc Health we believe that personal and professional diversity is the key to innovation. We hire based solely on your strengths and qualifications, and the way in which those strengths can directly contribute to your success in your new position.
Growth and Innovation: We’ve already made healthcare yet remain on the threshold of very big things. Come grow with us and support our mission to make a tangible difference in the lives of our Members.
As an Equal Opportunity Employer, we never have and never will discriminate against any job candidate or employee due to age, race, religion, color, ethnicity, national origin, gender, gender identity/expression, sexual orientation, membership in an employee organization, medical condition, family history, genetic information, veteran status, marital status, parental status or pregnancy (including breastfeeding – we have a mother’s room in both our offices). In our innovative and inclusive workplace, we prohibit discrimination and harassment of any kind.