Security & Compliance Manager

About the Role:

We are seeking a highly skilled and motivated Security & Compliance Manager to join our team. This role is crucial to ensuring our company meets and maintains HITRUST certification and adheres to customer contractual compliance requirements. The ideal candidate will be responsible for overseeing compliance with regulatory requirements, enhancing our security posture, and managing potential risks across the organization. This role requires a strategic thinker with a deep understanding of compliance frameworks, information security protocols, and risk management within the healthcare industry.

Primary Responsibilities:

• Compliance Oversight:
• Develop, implement, and maintain compliance programs to ensure adherence to all applicable laws, regulations, and industry standards.
• Monitor changes in legislation and regulatory environments, providing guidance and updates to senior management.
• Conduct regular audits and assessments to evaluate compliance effectiveness and identify areas for improvement.
• Compliance investigations, action plans and overseeing compliance training
• Main POC for company compliance  
• Security Management:
• Lead and manage the HITRUST audit process, ensuring all necessary documentation and controls are in place.
• Lead the development and implementation of security policies and procedures to safeguard company assets and sensitive information.
• Familiar with personally implementing and maintaining technology surrounding security and compliance, including WAFs, VPNs, SAST, and DAST. Collaborate with IT, engineering, HR, and other departments to ensure cyber security measures are in place and implemented as a part of our regular business project planning.
• Oversee incident response planning and coordinate responses to security breaches or vulnerabilities.
• Risk Management:
• Identify, assess, and prioritize risks across the organization, developing risk mitigation strategies.
• Facilitate risk assessments and develop reports to communicate findings and recommendations to senior leadership.
• Foster a risk-aware culture by providing training and resources to employees on risk management best practices.

• Training and Reporting:
• Work closely with cross-functional teams to ensure compliance and risk management initiatives align with business objectives.
• Prepare and present regular reports on compliance, security, and risk management activities to the executive team and board of directors.
• Serve as the primary point of contact for regulatory agencies and external auditors.
• Provide training and guidance to staff on security and compliance best practices.

Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Minimum of 7 years of experience in information security, IT audit, compliance, or a related role, preferably within the healthcare industry. Master’s degree preferred.
• In-depth knowledge of HITRUST CSF and experience leading HITRUST certification processes.
• Strong understanding of healthcare regulations and standards, including HIPAA.
• Proven track record of developing and executing compliance and risk management programs in healthcare 
• Excellent analytical, problem-solving, and decision-making skills.
• Strong communication and interpersonal skills, with the ability to influence and build relationships at all levels of the organization.
• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Compliance and Ethics Professional (CCEP), Certified Risk Management Professional (CRMP)) are a plus.