Job Location : Oconomowoc,WI, USA
Lead enterprise-wide cybersecurity risk assessments and manage the risk lifecycle, including identification, analysis, mitigation, and reporting.
Ensure organizational compliance with HIPAA, HITECH, PCI DSS, and state/federal cybersecurity regulations.
Maintain and monitor risk registers and control inventories, ensuring alignment with NIST CSF, NIST 800-53/171, and CIS Controls.
Track and support remediation of risk and compliance gaps, ensuring timely resolution and reporting to stakeholders.
Develop and execute the third-party/vendor security risk management process, including assessments, due diligence, and risk mitigation strategies.
Collaborate with procurement, legal, and business teams to evaluate third-party contracts and data handling practices.
Maintain documentation for vendor security reviews and provide recommendations for risk acceptance or remediation.
Develop, maintain, and enforce cybersecurity policies, standards, and procedures aligned with regulatory requirements and best practices.
Ensure policy lifecycle management is followed, including regular reviews and updates based on evolving risks and regulations.
Serve as a subject matter expert on cybersecurity GRC topics across internal projects and initiatives.
Lead the design, development, and delivery of the organization's cybersecurity education and awareness programs.
Conduct phishing simulations, targeted training campaigns, and role-based security education.
Evaluate training effectiveness and adjust program strategies to reduce human risk.
Support internal and external audits, assessments, and regulatory reviews, including documentation gathering, evidence submission, and audit response.
Provide regular metrics, dashboards, and reports on compliance posture, risks, and program effectiveness to leadership and stakeholders.
Assist in leading incident response activities, including forensic collection of images and artifacts, analysis of the resulting data, and development of remediation and mitigation recommendations.
Additional Job Description:
Physical/Mental Demands: Position requires walking, sitting, and standing. Lifting is moderate; must be capable of lifting a minimum of forty (40) pounds. Reaching, handling, grasping, and manual dexterity are necessary to operate various equipment.
Verbal and hearing ability are required to interact with staff, consultants, patients, and family members of patients. Numerical ability is required to maintain records and operate a computer.
Tact is required to interact effectively with employees and professional staff. Logical thinking and discretion required to make decisions in initiating and implementing policies, procedures, and standards.
Must be able to read and communicate through written, verbal, and auditory skills and abilities.
Must be physically/mentally able to perform job duties as verified by a physical exam by a licensed physician, per post-employment physical.
7+ years of professional experience in cybersecurity, risk management, and/or GRC, with at least 3+ years in a senior or lead capacity.
Strong knowledge of healthcare security and privacy regulations including HIPAA, HITECH, and PCI DSS.
Proficiency in applying security frameworks such as NIST CSF, NIST 800-53/171, and CIS Controls.
Hands-on experience conducting enterprise risk assessments, managing third-party risk, and developing GRC processes.
Excellent understanding of policy governance, audit readiness, and regulatory reporting.
Strong written and verbal communication skills; able to translate technical risks into business language for leadership.
Bachelor's degree in the field of computer science, computer information systems, or computer engineering or equivalent professional experience.
Industry certifications strongly preferred, such as: CISSP, CISA, CRISC, HCISPP, CISM, or Certified in Healthcare Privacy and Security (CHPS)
With a career at Rogers, you can look forward to a Total Rewards package of benefits, including:
Through UnitedHealthcare, UMR and HealthSCOPE Benefits creates and publishes the Machine-Readable Files on behalf of Rogers Behavioral Health. To link to the Machine-Readable Files, please visit Transparency in Coverage (uhc.com).