Director- GRC Cybersecurity

R1 is the leading provider of technology-driven solutions that transform the patient experience and financial performance of hospitals, health systems and medical groups. We are the one company that combines the deep expertise of a global workforce of revenue cycle professionals with the industry's most advanced technology platform, encompassing sophisticated analytics, AI, intelligent automation and workflow orchestration.

With over 30,000 employees globally and a robust presence in India, comprising over 17,000 employees across Delhi NCR, Hyderabad, Bangalore, and Chennai, we foster an inclusive culture where every team member feels valued and empowered. Our mission is to transform the healthcare industry by driving efficiency for healthcare systems, hospitals, and physician practices, continuously striving to make healthcare work better for everyone.

Position Summary:

We are seeking an experienced and strategic Director – GRC Cybersecurity to lead our Cybersecurity risk and governance efforts for India/Philippines market of R1 RCM. This role will be responsible for overseeing the cybersecurity risk posture of the organization, client onboarding/offboarding processes, supporting security audits, and ensuring compliance with HIPAA, HITECH, and other healthcare regulatory frameworks. The ideal candidate will bring strong leadership, a deep understanding of healthcare cybersecurity risks, and the ability to operationalize governance processes at scale.

Key duties & responsibilities

Cybersecurity Risk Governance

• Lead the third-party cybersecurity risk management program with a focus on PHI/PII protection, HIPAA compliance, and critical vendor oversight.
• Drive assessments aligned with NIST CSF and ISO framework to evaluate and mature cybersecurity program
• Establish and maintain exception management, approval management and periodic monitoring
• Collaborate with global cybersecurity and IT teams for implementing automation through GRC tools.
• Oversee onboarding and offboarding processes to ensure alignment with security policies, BAAs (Business Associate Agreements), and regulatory requirements.
• Monitor and govern third-party relationships, conducting periodic risk assessments and ensuring timely remediation of findings.

Security awareness and culture

• Design and oversee India and Philippines cybersecurity awareness and training program for employees, contractors and vendors
• Develop and communicate governance dashboards and awareness campaigns to foster a culture of shared cybersecurity responsibility
• Evaluate effectiveness of training program and tailor it based on organizational requirements

Audit & Compliance Leadership:

• Serve as key POC for client, regulatory, and third-party cybersecurity audits.
• Ensure readiness and timely response for HIPAA, SOC 2, CERT-IN assessments, and client cybersecurity reviews and audits
• Lead audit coordination across departments, track findings, and drive remediation activities to closure.
• Represent the organization during client cybersecurity audits and on-site reviews.

Governance Frameworks, Metrics & Reporting:

• Establish and maintain standard operating procedures for the organization, client onboarding/offboarding, and evidence handling.
• Define and report on KPIs and KRIs for cybersecurity governance.
• Develop executive dashboards and actionable insights for leadership, audit committees, and compliance teams.

Cross-Functional Collaboration & Risk Advisory:

• Work closely with Legal, Procurement, Compliance, and Privacy teams to embed cybersecurity controls into contracts, RFPs, and vendor due diligence.
• Advise internal business owners on security risks, remediation plans, and vendor-related compliance obligations.

Qualification

• Bachelor's or Master's degree in Technology, Cybersecurity, Risk Management, or a related field.

Experience, Skills and Knowledge

• 12+ years of cybersecurity or GRC experience, with at least 5 years in a leadership role, ideally in a healthcare organization or health-tech environment.
• Good understanding of HIPAA, HITECH, HITRUST, ISO 27001, CERT-IN and regulatory frameworks.
• Proven experience managing cybersecurity risk and audit programs at scale.
• Excellent communication skills, with ability to interface with clients, vendors, operational, legal, and IT leadership.

Key competency profile

• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified in Risk and Information Systems Control (CRISC)
• HITRUST CCSFP or ISO 27001 Lead Implementer

Working in an evolving healthcare setting, we use our shared expertise to deliver innovative solutions. Our fast-growing team has opportunities to learn and grow through rewarding interactions, collaboration and the freedom to explore professional interests.

Our associates are given valuable opportunities to contribute, to innovate and create meaningful work that makes an impact in the communities we serve around the world. We also offer a culture of excellence that drives customer success and improves patient care. We believe in giving back to the community and offer a competitive benefits package. To learn more, visit:

Visit us on Facebook