Description
American Specialty Health Incorporated is seeking an Information Security Compliance Specialist I to join our Information Security Programs (ISP) department. This position will assist the Information Security Compliance team with our third-party compliance efforts. This includes conducting oversight of our third-party vendors, responding to and providing evidence for external audits, and managing our annual business impact analysis and continuity plan update.
Salary Range
American Specialty Health complies with state and federal wage and hour laws and compensation depends upon candidate’s qualifications, education, skill set, years of experience, and internal equity. $56,700 to $82,000 Full-Time Annual Salary Range.
Remote Worker Considerations:
Candidates who are selected for this position will be trained remotely and must be able to work from home (WFH) in a designated work area with company-provided technology equipment. This remote/WFH position requires you have a stable connection to your Internet Service Provider with the ability to participate by video in online meetings over a reliable and consistent network (minimum internet download of 50 Mbps and 10 Mbps upload speed).
Responsibilities
- Assists with Information Security tasks and projects.
- Works with business owners throughout the company to coordinate and conduct on-boarding and periodic third-party risk assessments. Communicates both internally and externally to gather required information and evidence.
- Reviews third-party documentation and provides recommendations on whether to proceed with a vendor.
- Develops and manages the annual third-party audit plan.
- Maintains and reports on metrics around vendor oversight.
- Participates in weekly vendor oversight meetings, including documenting notes and action items and updating third-party records based on meeting discussions.
- Coordinates the annual business impact analysis effort. Provides training to key stakeholders, gathers and reviews questionnaire responses, and assists with updating the business continuity plan.
- Assists with other compliance functions, including gathering and providing HITRUST evidence, responding to client and other external audits, and identifying and escalating cybersecurity risks.
- Reviews and updates related policies and procedures at least annually.
- Promotes understanding and adherence to the necessary policies, standards, and procedures to maintain security posture.
- Documents and/or diagrams technology, solutions, and configurations (including, but not limited to, identity management, network management, change control, systems monitoring, incident response, vulnerability management, and configuration management) as needed to support audit and reporting consistency.
- Assists both Information Security Compliance and Information Security Operations teams with initiatives and projects, as assigned.
- Attends online industry seminars, conferences, and training classes to maintain knowledge and skills.
Qualifications
- Bachelor’s degree in an applicable field, such as Information Security (IS), Information Technology (IT), Computer Science, Business Administration, or equivalent experience. If equivalent experience, high school diploma required.
- Minimum of 2 years of technical compliance or audit experience.
- Professional security certification, such as CISA, preferred.
- Demonstrated experience with implementing and maintaining compliance to both internal policies and procedures, and external frameworks such as HIPAA and the HITRUST Common Security Framework (CSF).
- Must have demonstrated experience in a dynamic, fast-paced working environment.
- Must have demonstrated experience in business continuity and third-party management a plus.
- Familiarity with IT risk and control concepts, including auditing, analysis, governance, risk assessment, and application of IT security controls.
- Strong analytical skills required; must be very detail-oriented with an ability to develop and apply complex concepts.
- Must have demonstrated experience with building workflows and automating manual tasks.
- Working knowledge of common enterprise technologies, such as Governance, Risk and Compliance (GRC) tools, Active Directory, networking, Windows, and MS 365 required.
- Must be technically proficient in performing assigned duties at a high level of independence under minimal supervision while working within a team environment.
- Must possess a strong desire to learn new concepts and processes and actively seek out new tasks.
- Must be able to prioritize and deliver on multiple initiatives.
- Must have demonstrated experience working successfully in a fully remote environment.
- Must possess clear and concise written and verbal communication skills.
Core Competencies
- Demonstrated ability to interact in a positive, respectful manner and establish and maintain cooperative working relationships.
- Ability to display excellent customer service to meet the needs and expectations of both internal and external customers.
- Excellent listening and interpersonal communication skills to identify critical core competencies based on success factors and organizational environment.
- Ability to effectively organize, prioritize, multi-task and manage time.
- Demonstrated accuracy and productivity in a changing environment with constant interruptions.
- Demonstrated ability to analyze information, problems, issues, situations, and procedures to develop effective solutions.
- Ability to exercise strict confidentiality in all matters.
Mobility
Primarily sedentary, able to sit for long periods of time.
Physical Requirements
Ability to speak, see and hear other personnel and/or objects. Ability to communicate both in verbal and written form. Ability to travel within the facility. Capable of using a telephone and computer keyboard. Ability to lift up to 10 lbs.
Environmental Conditions
Work-from-home (WFH) environment.
American Specialty Health is an Equal Opportunity/Affirmative Action Employer.
All qualified applicants will receive consideration for employment without regard to sex (including pregnancy, childbirth, related medical conditions, breastfeeding, and reproductive health decision-making), gender, gender identity, gender expression, race, color, religion (including religious dress and grooming practices), creed, national origin, citizenship, ancestry, physical or mental disability, legally-protected medical condition, marital status, age, sexual orientation, genetic information, military or veteran status, political affiliation, or any other basis protected by applicable local, federal or state law.
Please view Equal Employment Opportunity Posters provided by OFCCP here.
If you are a qualified individual with a disability or a disabled veteran, you have the right to request an accommodation if you are unable or limited in your ability to use or access our career center as a result of your disability. To request an accommodation, contact our Human Resources Department at (800) 848-3555 x6702.
ASH will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the Company’s legal duty to furnish information.