
Manager - IT Security Compliance | Full Time

Henry Ford Health System
United States, Michigan, Detroit
Mar 05, 2026

GENERAL SUMMARY:

The IT Security Compliance Manager is responsible for overseeing the cybersecurity compliance program across the health system. This position ensures alignment with healthcare regulatory requirements, national security frameworks, and federal interoperability initiatives - including HIPAA, HITECH, CMS Promoting Interoperability, and TEFCA. This role leads enterprise-wide readiness for security compliance audits, manages regulatory attestations, and partners closely with the Cybersecurity GRC team, Privacy, Legal, and IT Operations to maintain a trusted and compliant security posture. The IT Security Compliance Manager provides governance and oversight but does not directly manage or operate technical/security controls. The IT Security Compliance Manager is responsible for establishing and maintaining an enterprise-wide IT Compliance program. The position is responsible for identifying, directing, coordinating, evaluating, and reporting on security compliance management key performance indicators. The position is also responsible for project prioritization, strategic planning, execution, policies, procedures, and guiding practices.

REPORTING/RELATIONSHIPS:

The IT Security Compliance Manager reports to the Director, Cybersecurity GRC within the Information Privacy & Security Office. In addition, this position will work in a collaborative effort with IT and business unit leadership to ensure alignment with policies, processes, applicable laws, and regulations.

MANAGEMENT:

Provides leadership, vision, managerial oversight, development, implementation, and execution of Henry Ford Health security compliance management planning. Maintains policies and processes that enable Henry Ford Health to establish consistent, efficient, and appropriate oversight of services. Sets performance expectations for direct reports and provides constructive performance feedback on a regular basis.

Fosters a culture of customer service, disciplined business conduct, and healthy communication. Ensures each team member understands their role, assigned responsibilities, and is accountable for their performance. Allocates resources so timelines, commitments, and service levels from the team are met.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

  • Oversee compliance with applicable healthcare cybersecurity regulations and frameworks including HIPAA Security Rule, HITECH, CMS Promoting Interoperability, and TEFCA.
  • Maintain awareness of evolving regulatory and accreditation requirements; interpret their impact on the organization's cybersecurity posture.
  • Partner with the GRC Controls Manager to ensure security controls align with regulatory intent and audit readiness needs.
  • Serve as the central point of contact for compliance-related audits, assessments, and documentation requests.
  • Lead preparation and coordination for external and internal audits (HIPAA, HITRUST, PCI, TEFCA, CMS, OCR, GDPR, and others).
  • Oversee the organization's annual HIPAA Security Rule and CMS Promoting Interoperability attestations.
  • Provide compliance metrics, dashboards, and reporting to leadership.
  • Track compliance findings through remediation and validate closure with responsible stakeholders.
  • Serve as compliance liaison for TEFCA participation, ensuring alignment with Common Agreement and QHIN framework security and privacy obligations.
  • Maintain documentation and evidence demonstrating adherence to TEFCA's security, privacy, and breach response requirements.
  • Collaborate with Legal, Privacy, and Interoperability teams to maintain readiness for CMS-aligned network security certifications and attestations.
  • Review and maintain cybersecurity-related policies and standards to ensure consistency with regulatory requirements.
  • Provide compliance guidance for new technology initiatives, system integrations, and data exchange projects.
  • Serve as a subject matter expert to business and IT leadership on cybersecurity compliance, audit readiness, and TEFCA/CMS interoperability obligations.
  • Promote organizational awareness of regulatory responsibilities and audit readiness expectations.
  • Conduct performance reviews for team members and provide coaching and staff performance feedback.
  • Support sound fiscal management, including budgetary input for proper staffing and expenditures.
  • Other duties as assigned.

EDUCATION/EXPERIENCE REQUIRED:

  • Bachelor's degree in Information Technology, Cybersecurity, or related field (or equivalent experience) required.
  • Five plus (5+) years of experience in IT security compliance, risk management, or audit coordination within healthcare or other regulated industries required.
  • Strong working knowledge of HIPAA, HITECH, CMS Promoting Interoperability, TEFCA, and related federal and state requirements required.
  • Familiarity with frameworks including NIST CSF, NIST 800-53, HITRUST CSF, and ISO 27001 required.
  • Experience with both the payer and provider side of healthcare regulation including an understanding of necessary segregation between them required.
  • Professional certifications such as CISSP, CISA, CISM, HCISPP, or HITRUST CCSFP required.
  • Experience supporting TEFCA or CMS-aligned network compliance initiatives required.
  • Experience with IT GRC platforms such as ServiceNow GRC, Archer or OneTrust preferred.
  • Excellent organizational, communication, and stakeholder management skills preferred.
  • Exceptional and demonstrated leadership skills and ability to influence peers, superiors, and corporate culture preferred.
  • Ability to analyze, interpret, and summarize regulations, policies and procedures, reports, and legal documents preferred.
  • Demonstrated ability to recruit, train and lead people, set goals and achieve implementation results for security programs and solutions preferred.
  • Advanced knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle preferred.
  • Demonstrated strong and effective verbal, written, and interpersonal communication skills preferred.
Additional Information


  • Organization: Corporate Services
  • Department: Privacy&Security Risk Mgmt Svc
  • Shift: Day Job
  • Union Code: Not Applicable
