Director, Information Technology Governance

Point C is a National third-party administrator (TPA) with local market presence that delivers customized self-funded benefit programs. Our commitment and partnership means thinking beyond the typical solutions in the market – to do more for clients – and take them beyond the standard “Point A to Point B.” We have researched the most effective cost containment strategies and are driving down the cost of plans with innovative solutions such as, network and payment integrity, pharmacy benefits and care management. There are many companies with a mission. We are a mission with a company.

The Director, Information Technology Governance & Risk Management will lead Point C’s IT security governance program, reporting to the CISO. This role is responsible for developing and managing security policies, overseeing risk and compliance initiatives, and ensuring alignment with HIPAA, HITRUST, and SOC 2.

This leader will drive security awareness, vendor risk management, and enterprise risk governance while translating regulatory requirements into practical, scalable processes.

Key Responsibilities

• Lead IT governance, including policy development, lifecycle management, and governance committee oversight

• Maintain an auditable policy library with structured review and approval processes

• Align security policies with HIPAA, HITRUST, SOC 2, and other regulatory frameworks

• Translate audit findings into actionable controls and remediation plans

• Own the IT security awareness and training program, including role-based training and phishing simulations

• Oversee vendor and third-party risk management, including due diligence, risk assessments, and ongoing monitoring

• Manage the IT risk register and drive risk mitigation strategies with executive reporting

• Support audit readiness through control testing, reporting, and coordination of internal/external audits

• Promote adoption of enterprise security standards across identity, access, and data protection

Qualifications

• 8+ years in information security, IT governance, or risk management

• 3+ years leading governance or compliance programs in healthcare or regulated industries

• Experience with HITRUST, SOC 2 Type II, and HIPAA

• Proven experience building policy, awareness, and vendor risk programs

• Strong risk management, stakeholder communication, and executive reporting skills

• CISA, CISSP, CRISC, or CISM preferred

Individual compensation will be commensurate with the candidate's experience and qualifications. Certain roles may be eligible for additional compensation, including bonuses, and merit increases. Additionally, certain roles have the opportunity to receive sales commissions that are based on the terms of the sales commission plan applicable to the role.

• Comprehensive medical, dental, vision, and life insurance coverage
• 401(k) retirement plan with employer match
• Health Savings Account (HSA) & Flexible Spending Accounts (FSAs)
• Paid time off (PTO) and disability leave
• Employee Assistance Program (EAP)

Equal Employment Opportunity: At Point C Health, we know we are better together. We value, respect, and protect the uniqueness each of us brings. Innovation flourishes by including all voices and makes our business—and our society—stronger. Point C Health is an equal opportunity employer and we are committed to providing equal opportunity in all of our employment practices, including selection, hiring, performance management, promotion, transfer, compensation, benefits, education, training, social, and recreational activities to all persons regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, genetic information, pregnancy, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, and military and veteran status, or any other protected status protected by local, state or federal law.