Director GRC & Security Architecture
Listed on 2026-05-31
IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
Job no: 502862
College / VP Area: Vice President for IT
Work type: Staff
Location: Newark, DE/Hybrid
Categories: Information Technology, Legal & Compliance, Full Time
The Director of GRC and Security Architecture is a senior leadership role responsible for governing the organization’s information security risk, compliance, and architectural security posture. This role provides enterprise-wide leadership across governance, risk management, regulatory compliance (including HIPAA), and security architecture to ensure security controls are designed, implemented, and operating effectively in support of business, academic, and clinical objectives.
Serving as the designated HIPAA Security Officer, this role partners closely with Legal, Privacy, Compliance, IT, Cloud, Application, and Security Operations teams to ensure regulatory readiness, risk-informed decision-making, and secure-by-design technology architecture across on-premises, cloud, and SaaS environments.
This position reports to the Chief Information Security Officer of the University.
Major Responsibilities
Governance, Risk & Compliance (GRC)
- Lead the enterprise Information Security Governance, Risk, and Compliance (GRC) program.
- Establish and maintain security policies, standards, procedures, and control frameworks aligned with NIST, HITRUST, ISO 27001, and other applicable frameworks.
- Oversee enterprise risk assessments, third-party risk management, and control effectiveness evaluations.
- Translate regulatory, legal, and contractual requirements into actionable security controls and architectural standards.
- Ensure ongoing compliance with applicable regulations and standards, including HIPAA, PCI DSS, FERPA, SOC 2, and FIPS-140, as applicable.
- Serve as the organization’s designated HIPAA Security Officer.
- Oversee administrative, technical, and physical safeguards required under the HIPAA Security Rule.
- Partner with Privacy, Legal, Compliance, and Health IT leadership on risk analyses, remediation plans, and regulatory inquiries.
- Support audits, investigations, and compliance reviews related to protected health information (PHI).
- Ensure appropriate security awareness and HIPAA training programs are developed and delivered across the organization.
- Own and lead the security architecture function, defining enterprise security architecture principles, reference architectures, and design standards.
- Review and approve security architecture for new systems, applications, cloud services, and major technology initiatives.
- Ensure security is embedded early in system lifecycle activities through secure-by-design and defense-in-depth principles.
- Partner with infrastructure, cloud, application, and DevOps teams to integrate security requirements into platforms and solutions.
- Guide architectural decisions related to identity, network segmentation, encryption, key management, logging, and data protection.
- Contribute to and lead multi-year security strategy and roadmap development in alignment with organizational objectives.
- Actively participate in enterprise security and risk governance forums, advising executive leadership on risk posture and architectural trade-offs.
- Balance risk reduction with operational efficiency, usability, and institutional mission requirements.
- Serve as a trusted advisor to schools, departments, and business units on risk and architectural security decisions.
- Provide governance and oversight for security technologies supporting risk management, compliance, and architectural controls.
- Ensure alignment between security architecture standards and operational security tooling.
- Evaluate new security technologies and frameworks to address evolving regulatory and threat landscapes.
- Develop and report meaningful risk and compliance metrics to senior leadership and governance committees.
- Communicate complex security and compliance topics clearly to technical and non-technical stakeholders.
- Provide executive-level reporting on risk trends, compliance posture, and…