
Cybersecurity & Compliance Specialist

Remote: Full Remote

Offer summary

Qualifications:

  • Proven experience in cybersecurity, risk management, and compliance.
  • Expertise in ISO 27001, HIPAA, and NIST security frameworks.
  • Strong understanding of data privacy regulations specific to healthcare and digital marketing.
  • Exceptional communication skills for training and documentation purposes.

Key responsibilities:

  • Develop, implement, and enforce cybersecurity policies and procedures for digital platforms.
  • Ensure compliance with industry standards and regulations including HIPAA and ISO 27001.
  • Conduct regular internal audits to assess compliance with security and privacy regulations.
  • Educate employees on security policies and foster a culture of cybersecurity awareness.

EyeCarePro Inc. Marketing & Advertising SME https://www.eyecarepro.com/
51 - 200 Employees

Job description

EyeCarePro is seeking a skilled Cybersecurity & Compliance Specialist to lead the development, implementation, and management of security strategies, ensuring governance, risk management, and compliance across our digital platforms. As a leader in digital marketing solutions for eye care professionals, we need a compliance expert who can guide the implementation of robust security frameworks, maintain regulatory adherence, and drive continuous improvement in security and privacy practices within the healthcare and digital marketing industries.

Key Responsibilities:

Cybersecurity Strategy & Risk Management:

  • Develop, implement, and enforce cybersecurity policies and procedures tailored to EyeCarePro's digital platforms.

  • Ensure compliance with industry standards and regulations including HIPAA, ISO 27001, and NIST, particularly regarding sensitive patient data in the eye care sector.

  • Lead vulnerability assessments, risk evaluations, and implement mitigation strategies to enhance security.

  • Oversee the creation and maintenance of disaster recovery plans and business continuity protocols.

ISO 27001 & Security Frameworks:

  • Manage and refine the Information Security Management System (ISMS) in alignment with ISO 27001 standards.

  • Oversee ISO certification processes and ensure ongoing compliance with cybersecurity standards relevant to healthcare and digital marketing.

  • Draft and implement security policies to protect digital marketing platforms and sensitive data.

HIPAA & Healthcare Data Compliance:

  • Ensure HIPAA compliance, including the Privacy Rule, Security Rule, and Breach Notification Rule, across EyeCarePro's services.

  • Lead the implementation of business associate compliance solutions and security frameworks to safeguard sensitive patient and client information.

Internal Audits & Continuous Improvement:

  • Conduct regular internal audits to assess compliance with security and privacy regulations.

  • Drive continuous improvement of cybersecurity practices, enhancing EyeCarePro's ability to meet evolving digital and healthcare standards.

Security Awareness & Training:

  • Educate employees on security policies and best practices for handling healthcare-related data.

  • Foster a culture of cybersecurity awareness and vigilance across the organization, ensuring all team members understand their role in protecting sensitive data.

Preferred Qualifications & Experience:

  • Proven experience in cybersecurity, risk management, and compliance.

  • Expertise in ISO 27001, HIPAA, and NIST security frameworks.

  • Hands-on experience with risk assessments, internal audits, and implementing security policies.

  • Strong understanding of data privacy regulations specific to healthcare and digital marketing.

  • Exceptional communication skills for training and documentation purposes.

Preferred Certifications:

  • ISO 27001 Lead Implementer or Auditor

  • CISSP, CISM, or CIPP/US

Desirable Skills:

  • Familiarity with NIST and other cybersecurity frameworks.

  • Experience with security tools for compliance and risk management.

  • Knowledge of digital marketing compliance, specifically in healthcare settings.

This is a fully remote position with working hours from 9 AM - 5 PM EST.

Required profile

Experience

Industry:
Marketing & Advertising
Spoken language(s):
English

Other Skills

  • Security Policies
  • Training And Development
  • Communication
