Director Information Security Risk Management

R18473 Nashville, Tennessee - Additional locations

Additional Locations: Nashville, Tennessee, United States of America; VIRTUAL, Tennessee, United States of America; VIRTUAL, Georgia, United States of America

Transforming the future of healthcare isn’t something we take lightly. It takes teams of the best and the brightest, working together to make an impact.

As one of the largest healthcare technology companies in the U.S., we are a catalyst to accelerate the journey toward improved lives and healthier communities.

Here at Change Healthcare, we’re using our influence to drive positive changes across the industry, and we want motivated and passionate people like you to help us continue to bring new and innovative ideas to life.

If you’re ready to embrace your passion and do what you love with a company that’s committed to supporting your future, then you belong at Change Healthcare.

Pursue purpose. Champion innovation. Earn trust. Be agile. Include all. 

Empower Your Future. Make a Difference.

Director Information Security Risk Management

Overview of Position
Change Healthcare is looking for a seasoned leader to drive our Information Security Risk Management program, consisting of enterprise security assessments, the information security risk council, the risk register, threat modeling, the Governance, Risk and Compliance (GRC) tool, and the risk acceptance process. This position is critical to the overall security posture of Change Healthcare and requires the ability to exercise influence at all levels of the company, including the executive level, across diverse business units.

The goal of the program is to reduce enterprise security risk by effectively identifying, prioritizing, and managing security risks across a variety of IT domains and tracking risks through closure. The leader will focus on enhancing our risk assessment approach, updating it as necessary by staying abreast of current trends and threat intelligence in information security.

The candidate will drive continuous improvement of the risk management program by evaluating current program maturity, establishing clear organizational objectives and plans, and tracking progress against a maturity plan.  The leader will leverage their ability to influence both executives and technical teams to drive strategic approaches to addressing risks.

What will be my duties and responsibilities in this job?

  • Proactively report program status and planning regularly to senior leadership
  • Conduct periodic and ad hoc risk assessments by reviewing control maturity with relevant control owners
  • Enhance security risk management functions to enable the effective management of risks across the enterprise
  • Conduct risk assessments of business/IT processes and procedures to identify areas of significant risk and identify root causes
  • Lead a GRC migration to automate components of the risk management program, enabling effective and efficient risk prioritization, tracking, reporting, and remediation
  • Design and implement an effective risk acceptance process, with consideration for relevant organizational requirements
  • Develop and implement enterprise risk tracking capabilities, capturing key attributes for effective reporting
  • Deliver risk reporting to IT leadership and partner with enterprise risk management functions
  • Develop risk management staff to operate key risk functions independently

What are the requirements needed for this position?

  • Bachelor's degree in MIS, IT, Related Field, or equivalent experience
  • 8+ years of experience in leading a risk management program/function
  • Experience in performing security assessments
  • Proficient within the Microsoft Office Suite
  • Preferred Certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), or equivalent

What other skills/experience would be helpful to have?

  • Hands-on experience maintaining a risk register and threat models
  • Previous experience migrating to a new Governance, Risk and Compliance (GRC) tool and maintaining it
  • Previous experience overseeing Policy Exception and Risk Acceptance Processes
  • Ability to create and deliver powerful metrics, as well as supporting deliverables
  • Ability to partner with key stakeholders across IT and business functions to assess, articulate, and support remediation of security risks
  • Previous experience mentoring, hiring, and managing risk assessment resources, both FTE and vendor sourced

Join our team today where we are creating a better coordinated, increasingly collaborative, and more efficient healthcare system!

Equal Opportunity/Affirmative Action Statement

Change Healthcare is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, genetic information,  national origin, disability, or veteran status. To read more about employment discrimination protections under federal law, read EEO is the Law at and the supplemental information at

If you need a reasonable accommodation to assist with your application for employment, please contact us by sending an email to with "Applicant requesting reasonable accommodation" as the subject. Resumes or CVs submitted to this email box will not be accepted.

Change Healthcare maintains a drug free workplace and conducts pre-employment drug-testing, where applicable, in accordance with federal, state and local laws.

Talent Acquisition Process


Visit our career site, create a profile, and submit your application. Make sure to observe the job description and see how your background can align to the requirements of the role.


Once you apply for a job opening, the Sourcing Specialist or Talent Advisor will review your resume to ensure your background matches the minimum job requirements. Selected candidates will be invited for a phone screen.


Steps will vary by team, but typically include: Talent Advisor phone screen, hiring manager interview, and a combination of technical screens and panel interviews.


If you're selected, you can expect the Talent Advisor to reach out with specific offer details. During this stage you will be provided with an electronic offer letter and other new hire documents.


Once you've received your offer letter, our onboarding team will get you ready for Week 1 and set you up for success! Onboarding tasks may include a background check, drug screening, and other job specific requirements.


