BJC Careers

Manager, IT Security Governance, Risk & Compliance

Saint Louis, MO
Information Services

Job Description

Job ID: 1180591
Employment Status: Full-Time
Regular/Temporary: Regular

Your Career. Made Better.

BJC HealthCare is one of the largest nonprofit health care organizations in the United States, delivering services to residents primarily in the greater St. Louis, southern Illinois and mid-Missouri regions. BJC serves patients and their families in urban, suburban and rural communities through its 15 hospitals and multiple community health locations. Services include inpatient and outpatient care, primary care, community health and wellness, workplace health, home health, community mental health, rehabilitation, long-term care and hospice.

IS Security Services serves as an independent, objective catalyst for implementing effective and efficient controls to protect BJC HealthCare (BJC) information resources through collaboration with customers. We provide value to our customers and the organization by: ensuring compliance with internal policies and external regulations; evaluating information system and application controls; educating BJC employees and other strategic partners on information systems security practices and concepts; acting as a resource on security controls for new and existing information systems and applications; recovering mission-critical applications and data vital to the organization and strategic partners; and investigating practices not in compliance with established BJC Information Services security policies and standards.

Join Us!

Role Purpose

Leader of IT Security Governance, Risk and Compliance (GRC). This role is responsible for establishing and maintaining the enterprise-wide IT Security GRC program and overseeing a team of professionals providing security risk assessments, third-party IT general control evaluations and risk mitigation follow-up activities. This is accomplished by working closely with Business Process, IT, Legal, Compliance and other teams to develop risk mitigation strategies and plans. The role will also manage the development, implementation and continuous improvement of key reporting of IT Security risks through a GRC tool to assist leadership in making informed risk-based decisions.


  • Develops and adheres to departmental staffing, revenue and/or expense budgets. Responds to changes in the business which may affect the ability to achieve the budget goals.
  • Manages individual(s) including but not limited to: hires, trains, assigns work, manages & evaluates performance, conducts professional development plans. Ensures that the productivity and actions of that group meet/support the overall operational goals of the department as established by department leadership.
  • Oversees the implementation, ongoing monitoring and continuous improvement of GRC processes, including the GRC Tool and related solutions. Develops and continuously improves Security Risk Assessment (SRA) processes to support effective and timely analysis of IT security risks to information assets and business solutions. Delivers the Third-Party Vendor risk assessment process.
  • Integrates the risk assessment processes with other IT Security functions and processes to leverage information and promote increased visibility of risks, including regulatory, entity and organizational risk assessments, threat and vulnerability management, security operations and incident reporting, security architecture, and security engineering.
  • Develops and influences key IT Security policies, standards, guidelines and procedures in response to identified risks, including further development and maintenance of minimum security requirements. Maintains current knowledge of industry requirements and regulatory changes affecting technology, processes and procedures, and recommends appropriate changes to ensure alignment.
  • Provides risk management insight and assistance across the IT security teams, IT department and enterprise. Champions IT Security practices, processes and procedures and communicates with business process owners with varying understanding of IT security controls and risks.

Minimum Requirements

  • Bachelor's Degree
  • 5-10 years

Supervisor Experience

  • 2-5 years

Preferred Requirements and Additional Job Information

  • Master's Degree

Supervisor Experience

  • 5-10 years

Licenses & Certifications

  • CIA
  • CISA
  • Cert. Info Security Officer

Benefits Statement

Note: not all benefits apply to all openings

  • Comprehensive medical, dental, life insurance, and disability plan options
  • Pension Plan*/403(b) Plan
  • 401(k) plan
  • Tuition Assistance
  • Health Care and Dependent Care Reimbursement Accounts
  • On-Site Fitness Center (depending on location)
  • Paid Time Off Program for vacation, holiday and sick time

*Pension does not apply to Memorial Hospital, Memorial Hospital East, Memorial Medical Group, Alton Memorial or Parkland Health Center

Legal Statement

The above information on this description has been designed to indicate the general nature and level of work performed by employees in this position. It is not designed to contain or be interpreted as an exhaustive list of all responsibilities, duties and qualifications required of employees assigned to this job.

Equal Opportunity Employer