Option Care Health

Director - InfoSec Governance, Risk and Compliance - Hybrid

Bannockburn, IL Full time

Extraordinary Careers. Endless Possibilities.

With the nation’s largest home infusion provider, there is no limit to the growth of your career.

Option Care Health, Inc. is the largest independent home and alternate site infusion services provider in the United States. With over 8,000 team members including 5,000 clinicians, we work compassionately to elevate standards of care for patients with acute and chronic conditions in all 50 states. Through our clinical leadership, expertise and national scale, Option Care Health is re-imagining the infusion care experience for patients, customers and team members.

Join a company that is taking action to develop an inclusive, respectful, engaging and rewarding culture for all team members. At Option Care Health your voice is heard, your work is valued, and you’re empowered to grow. Cultivating a team with a variety of talents, backgrounds and perspectives makes us stronger, innovative, and more impactful. Our organization requires extraordinary people to provide extraordinary care, so we are investing in a culture that attracts, hires and retains the best and brightest talent in healthcare.

Job Description Summary:

The Director of Information Security Governance, Risk & Compliance (GRC) is responsible for leading the enterprise-wide information security and IT GRC program, ensuring protection of electronic Protected Health Information (ePHI) and alignment with regulatory, contractual, and risk management obligations. This role drives the design, implementation, and continuous improvement of a comprehensive GRC program that delivers measurable risk reduction, audit readiness, and control maturity across clinical, operational, and corporate environments. The Director works closely with IT, Business Operations, Compliance, Privacy, Legal, Internal Audit, and Enterprise Risk Management. The role has direct accountability for HIPAA security governance, NIST framework adoption, third-party risk management, SOX IT controls coordination, and business continuity and incident readiness.

Job Description:

Job Responsibilities (listed in order of importance and/or time spent)

  • Lead the enterprise information security and IT risk management program, including identification, assessment, classification, and measurement of risks impacting healthcare operations and ePHI.
  • Lead the enterprise information security governance program, including development and maintenance of policies, standards, procedures, and control narratives
  • Lead a scalable third‑party risk management program covering security and privacy assessments, risk tiering, remediation tracking, and continuous monitoring
  • Lead enterprise‑wide security education and awareness programs for employees, contractors, and vendors
  • Develop executive‑level metrics and dashboards translating technical risk into business‑relevant insights
  • Present security risk, compliance posture, and investment needs to leadership
  • Provide governance oversight for incident response and lead enterprise tabletop exercises
  • Expand Data Governance program in alignment with privacy and compliance
  • Support the AI Governance Committee with effective implementation of governance controls around enterprise AI use
  • Maintain and govern the InfoSec and IT risk register, including risk ownership, treatment plans, exception handling, and alignment with Enterprise Risk Management.
  • Develop and maintain key risk and performance metrics (KRIs/KPIs), dashboards, and trend analyses demonstrating risk posture and maturity improvements
  • Lead control maturity and compliance programs aligned to NIST‑CSF, SOC 2, SOX IT General Controls (ITGC), and other applicable regulatory or assurance frameworks
  • Coordinate external audits and assessments, serving as the primary liaison for auditors and assessors
  • Identify and research potential performance improvement opportunities in leveraging security benchmarks and best practices.
  • Lead, mentor, and develop a high‑performing GRC team.

Supervisory Responsibilities

Does this position have supervisory responsibilities? (i.e. hiring, recommending/approving promotions and pay increases, scheduling, performance reviews, discipline, etc.)

Yes - X

Basic Education and/or Experience Requirements

  • Bachelor’s degree required; Master’s degree in a relevant field preferred.
  • 10+ years of progressively responsible experience in information security, IT and InfoSec risk, governance, compliance, metrics, business continuity, and training.
  • 5+ years direct management experience leading InfoSec and/or IT GRC Teams

Basic Qualifications

  • Experience managing third‑party risk, business continuity programs, and security training initiatives
  • Demonstrated experience managing enterprise information security risk, NIST‑aligned programs, SOC 2, and SOX ITGC environments
  • Proven success implementing metrics‑driven GRC programs at scale
  • Experience with GRC tooling, continuous control monitoring, M&A security due diligence, and AI governance programs
  • Demonstrated experience with HIPAA Security Rule implementation and HITRUST CSF alignment.
  • Business acumen and the ability to explain security initiatives, programs, and their impact to business leaders
  • Exceptional written, verbal, and public speaking skills

Travel Requirements: (if required)

  • Willing to travel up to 10% of the time for business purposes (within state and out of state).

Preferred Qualifications & Interests (PQIs)

  • Professional certifications such as CISSP, CISM, CRISC, CISA, HCISPP, or HITRUST CCSFP
  • Experience presenting to executive leadership

Due to state pay transparency laws, the full range for the position is below:

Salary to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data.

Pay Range is $160,107.21-$266,852.84

Benefits:

  • Medical, Dental, & Vision Insurance
  • Paid Time Off
  • Bonding Time Off
  • 401K Retirement Savings Plan with Company Match
  • HSA Company Match
  • Flexible Spending Accounts
  • Tuition Reimbursement
  • myFlexPay
  • Family Support
  • Mental Health Services
  • Company Paid Life Insurance
  • Award/Recognition Programs

Option Care Health subscribes to a policy of equal employment opportunity, making employment available without regard to race, color, religion, national origin, citizenship status according to the Immigration Reform and Control Act of 1986, sex, sexual orientation, gender identity, age, disability, veteran status, or genetic information.