GRC Manager (BBBH26) Bellaire, Texas
Salary: USD 150,000 - 180,000 per year + bonus
Who We Are
MorganFranklin Cyber is a leading professional services firm specializing in comprehensive solutions for cybersecurity, AI, and adjacent services. As a private-equity-backed firm, we are dedicated to protecting clients' critical assets and enhancing their resilience in an ever-evolving threat landscape.
We understand the importance of, and the challenges involved in, maintaining a robust security program and the programs adjacent to it. Our tailored approach addresses each client's specific needs, ensuring cost-effective and results-driven delivery. Our expertise spans:
- Artificial Intelligence (AI)
- Cyber Fusion Center (CFC)
- Identity and Access Management (IAM)
- Cyber Strategy and GRC
- Architecture, Engineering, and Infrastructure/OT (AEGIS)
- Cyber and Operational Resilience (CORe)
Our Services Include
- Advisory & Management Consulting: Executive-level consulting to improve performance and guide program execution.
- Cybersecurity Innovation Center (CIC): A cloud-based lab for developing and innovating cybersecurity solutions.
- Project Resourcing: Rapidly scaling project resources and providing contract-to-hire services.
- Managed Services: Outsourcing functions to efficiently execute and operate programs.
Position Overview
We are seeking an experienced Governance, Risk, and Compliance (GRC) Director to join our organization and lead information security and compliance initiatives. This role will be responsible for developing, implementing, and maintaining our GRC program to ensure compliance with healthcare and payment data protection regulations while safeguarding patient and financial information.
Key Responsibilities
- Develop and maintain comprehensive GRC policies, procedures, and standards aligned with HIPAA, HITECH, PCI DSS, and other healthcare regulations
- Lead compliance efforts for regulatory and industry requirements including Joint Commission, CMS, PCI DSS, and state-specific mandates
- Oversee the organization's PCI DSS compliance program, including quarterly Approved Scanning Vendor (ASV) vulnerability scans, self-assessment questionnaires (SAQs), and audit readiness
- Coordinate with acquiring banks, payment vendors, and Qualified Security Assessors (QSAs) during PCI DSS assessments
- Manage internal and external audit processes, coordinating responses and remediation activities across HIPAA and PCI DSS domains
- Maintain and update the organization's risk register, control library, and compliance documentation
- Serve as primary liaison with regulatory bodies, external auditors, and PCI compliance partners
Risk Management
- Conduct regular risk assessments across clinical, administrative, and payment processing systems
- Identify, analyze, and prioritize information security and operational risks related to cardholder data environments (CDEs)
- Develop and implement risk mitigation strategies that address both healthcare and payment data risks
- Monitor key risk indicators and report compliance metrics to executive leadership
- Facilitate vendor risk assessments and third-party PCI compliance evaluations
Technology & Tools Management
- Utilize Microsoft security and compliance offerings including Microsoft Purview, Microsoft Defender, and Microsoft Defender for Cloud (formerly Azure Security Center)
- Leverage Rapid7 platform for vulnerability management, threat detection, and security analytics
- Ensure segmentation and protection of the PCI cardholder data environment (CDE) using appropriate network and endpoint controls
- Implement and maintain GRC tools and platforms to automate compliance workflows for HIPAA, PCI DSS, and other frameworks
- Generate compliance reports and dashboards for stakeholders, including PCI DSS compliance status reports
Program Development
- Design and deliver security awareness and training programs for staff, including PCI awareness for employees handling payment data
- Establish and maintain incident response procedures and business continuity plans that address potential payment card data breaches
- Lead cross-functional teams in compliance projects related to HIPAA, HITECH, and PCI DSS
- Develop and track key performance indicators (KPIs) for the GRC program
- Foster a culture of security and payment data protection awareness throughout the organization
Required Qualifications
Education & Certifications
- Bachelor’s degree in Information Security, Healthcare Administration, Computer Science, or related field
- One or more relevant certifications required, such as CISSP, CISM, CISA, or PCI Professional (PCIP)
- Epic and Microsoft Azure certification(s) preferred
Experience
- 5+ years of experience in GRC, information security, or compliance roles
- 3+ years of experience in a healthcare IT environment
- Demonstrated experience managing compliance programs for HIPAA and PCI DSS
- Experience with Microsoft security and compliance tools (Purview, Defender, Defender for Cloud)
- Hands-on experience with Rapid7 platform for vulnerability and threat management
- Working knowledge of Epic EHR security and compliance
- Proven track record leading cross-regulatory compliance initiatives (e.g., HIPAA + PCI DSS overlap management)
Technical Knowledge
- Deep understanding of HIPAA Security and Privacy Rules, HITECH Act, and PCI DSS requirements
- Strong knowledge of healthcare compliance frameworks and payment data protection standards
- Proficiency with Microsoft 365 security stack and Azure security services
- Experience with vulnerability management, penetration testing coordination, and remediation
- Understanding of Epic security architecture, access controls, and audit functions
- Familiarity with ISO 27001, NIST CSF, and PCI DSS control frameworks
Skills & Competencies
- Excellent analytical and problem-solving abilities
- Strong communication skills with ability to present to executive leadership and external assessors
- Project management capabilities with attention to detail
- Ability to translate technical compliance requirements (HIPAA, PCI) into business-friendly language
- Collaborative approach with cross-functional teams
- Strategic thinking balanced with tactical execution
Why Join Us:
- Opportunity to make a significant impact in a dynamic and growing company.
- Collaborative and inclusive work environment.
MorganFranklin Cyber is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.
Perks:
- Unmatched career growth opportunities.
- Work with top leaders in the Cybersecurity field.
- A flexible, independent work environment to excel.
Culture at our Core
At MorganFranklin Cyber, our culture is the cornerstone of our success. We believe in fostering a positive, collaborative, and innovative work environment where every team member is empowered to thrive. Our core tenets guide us in everything we do, ensuring that we prioritize integrity, teamwork, and continuous growth. We are committed to making a meaningful impact for our clients and our community.
MF Cyber, LLC is privately held, founder-led and operated, with majority ownership by M/C Partners. M/C Partners is a Boston, Massachusetts based private equity firm that has been investing in the IT services and communications industries for over three decades. Since its inception in 1986, M/C Partners has raised over $3.0 billion in institutional equity and invested in more than 150 businesses. M/C takes a long-term view of its investments and has an established track record of partnering with management teams to build companies. It is one of the more experienced investors in the technology services industry and has completed dozens of investments in technology services and consulting organizations, including several specializing in cybersecurity.
This role is part of MorganFranklin’s cybersecurity offering, MF Cyber LLC (“MorganFranklin Cyber”), and is aligned with our strategic commitment to delivering world-class cybersecurity solutions. As part of our international expansion efforts, this opportunity is structured to meet country-specific employment standards and regulatory requirements, ensuring global consistency and local compliance. Candidates will contribute to a dynamic team driving innovation and resilience across our global client base.