GRC (Governance, Risk, and Compliance) Specialist

Remote: Full Remote
Salary: 27 - 27K yearly

Offer summary

Qualifications:

  • Proven experience in governance, risk, and compliance.
  • Strong understanding of HIPAA regulations.
  • Expertise in risk assessment and mitigation strategies.
  • ISO 27001 Lead Implementer or Auditor preferred.

Key responsibilities:

  • Lead development and enforcement of compliance policies.
  • Conduct internal audits and maintain compliance documentation.

EyeCarePro Inc. Marketing & Advertising SME https://www.eyecarepro.com/
51 - 200 Employees

Job description

EyeCarePro is seeking a highly skilled GRC Specialist to lead our policies and procedures, ensuring governance, risk management, and compliance across our organization. As a leader in digital marketing solutions for eye care professionals, we require a compliance expert to guide the implementation of security strategies, maintain regulatory adherence, and foster continuous improvement in security and privacy practices specific to the healthcare and digital marketing industries.

Key Responsibilities:

Compliance Implementation & Risk Management:

  • Lead the development and enforcement of compliance policies and procedures tailored to the needs of EyeCarePro.
  • Ensure the organization meets regulatory requirements, including HIPAA, ISO 27001, and NIST, particularly in handling sensitive patient data for eye care professionals.
  • Create and maintain risk assessment documentation, including Disaster Recovery Plans.
  • Identify vulnerabilities, assess risks, and implement mitigation strategies.

ISO 27001 & Security Frameworks:

  • Develop, implement, and manage an Information Security Management System (ISMS) aligned with ISO 27001.
  • Oversee certification processes and ensure ongoing compliance with healthcare marketing and data privacy standards.
  • Draft and implement security and privacy policies in alignment with best practices for EyeCarePro's digital platforms.

HIPAA & Healthcare Compliance:

  • Ensure compliance with HIPAA regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule, as they relate to EyeCarePro's services for eye care professionals.
  • Implement business associate compliance solutions and security frameworks to protect sensitive patient and client data.

Auditing & Continuous Improvement:

  • Conduct internal audits and maintain comprehensive compliance documentation.
  • Drive continuous improvement in security and compliance practices to enhance the safety and trustworthiness of EyeCarePro's services.

Security Awareness & Training:

  • Educate employees on security policies and best practices specific to handling healthcare-related data.
  • Foster a culture of compliance and vigilance throughout the organization.

Preferred Qualifications & Experience:

  • Proven experience in governance, risk, and compliance, including ISO 27001 implementation.
  • Strong understanding of HIPAA regulations and healthcare data compliance requirements.
  • Familiarity with EHNAC standards; direct accreditation experience is a plus.
  • Expertise in risk assessment and mitigation strategies.
  • Experience conducting internal audits and managing compliance-related projects.
  • Strong communication and training skills.

Preferred Certifications:

  • ISO 27001 Lead Implementer or Auditor
  • CISSP, CISM, or CIPP/US

Desirable Skills:

  • Familiarity with security frameworks such as NIST.
  • Experience with security tools for compliance and risk management.
  • Understanding of digital marketing compliance in healthcare settings.

This is a fully remote position with working hours from 9 AM - 5 PM EST.

Required profile

Experience

Industry :
Marketing & Advertising
Spoken language(s):
English

Other Skills

  • Training And Development
  • Communication