Company Overview

Nuance Communications, Inc. is the pioneer and leader in conversational AI innovations that bring intelligence to everyday work and life. The company delivers solutions that understand, analyze and respond to human language, amplifying human intelligence. With decades of domain and artificial intelligence expertise, Nuance works with thousands of organizations – in healthcare, telecommunications, automotive, financial services, retail, and more – to create stronger relationships and better experiences for their customers.

The Nuance Global IT team is focused on supporting the company and employees with technical solutions and expertise that help the business run more efficiently, ensure security and data privacy, and support new IT infrastructure initiatives that drive innovation. Our team is composed of problem solvers with constant curiosity and different perspectives who love to collaborate to transform and rethink IT.

Job Summary

Summary: Reporting to the Chief Information Security Officer, the Senior Director of Governance, Risk and Compliance (GRC) is a business/technology executive who will be responsible for providing leadership in a comprehensive Security program and ensuring compliance. The successful candidate will oversee and coordinate the Nuance Information Risk program as part of the security organization. This person is responsible for providing expertise in the areas of compliance, IT audit, risk management, 3rd party vendor management and privacy. They will also assist with sales-related inquiries according to priorities.

The Senior Director will design and maintain a holistic approach to governance risk and compliance by applying and integrating industry best practices into the top-level business processes at Nuance. They will develop and drive remediation for critical issues by leading process redesign where necessary. They will also create formal networks with key decision makers and serve as an external spokesperson for the organization on matters related to GRC and maintaining overall information security customer facing documents.

The successful candidate will be comfortable working in a fast-paced, collaborative, highly matrixed environment. The person in this role must have a proven track record of hiring, developing and growing technical talent, strong executive presence and demonstrate outstanding communication skills. This Senior Director will lead a team of 12+ employees comprised of managers and security analysts in a very dynamic and frequently complex organization, while developing strong partnerships with other leaders across the organization.

Responsibilities:

• Directly responsible for procedures and controls to assure compliance with applicable regulatory and legal requirements as well as good business practices as part of a controls assurance program
• Develops, deploys, and maintains an internal and external IT/Security audit program
• Establishes and oversees the formal risk analysis and self-assessments program for various Information Services systems and processes
• Helps ensure compliance with HIPAA, PCI, and various other regulatory requirements
• Develops, deploys, and maintains a 3rd party vendor security management program
• Assists the sales organization in the pre-sales process with partners and customers
• Assists in the design and measurement of privacy controls
• Contributes expertise to help determine requirements and functional specifications for entire organization
• Manages, coaches, leads, and develops a staff of information risk professionals
• Designs and maintains the Nuance information security controls framework
• Designs and maintains the Nuance information security compliance framework
• Designs and maintains the Nuance information security risk framework
• Maintains security policy framework
• Performs compliance related activities including attaining and maintaining certifications
• Acts as a key member of the CISO staff and assists with other duties as required

Qualifications

Number of Years of Work Experience: 15+ years' of Information Security/Risk Management experience

Required Skills:

• Information Security Governance, Risk & Compliance Background
• Information Security Audit Background

• Knowledge of the GRC aspects of information security subject matter including

o Control assurance design principles and practiceso Information Technology audit practices
o In-depth knowledge of various compliance regimes – SOX, PCI, HIPAA, SSAE16, and ISO 27001
o Advanced knowledge of risk assessment design and delivery
o Knowledge of governance, risk, and compliance systems [RSA Archer a plus] and how to design a GRC framework

• Well versed in HIPAA, PCI-DSS, ISO 27001, SSAE 18 and similar
• Well versed in security policies
• Demonstrated experience dealing with security challenges and issues confronting a large, geographically distributed, departmentally diverse, global, public-facing organization
• Understanding of security and privacy regulations and standards is desirable
• Well versed in dealing with external security reports from security researchers
• Knowledge of one or more GRC platforms
• Project/Program management experience
• International experience or knowledge

Preferred Skills: Industry certification (CISSP, CRISC, CISA, CIPP) 

Education: Master’s preferred 

Additional Information

Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.  

Nuance Communication Inc.  is an equal opportunity employer.  We evaluate qualified applicants without regard to race, age, color, religion, sex, national origin, disability, veteran status, gender identity, sexual orientation and other legally protected characteristics. The EEO is the Law poster and its supplement is available here. If you need a reasonable accommodation because of a disability for any part of the employment process, please call 781-565-5086 – Human Resources Department and let us know the nature of your request and your contact information.