Logo for Planned Parenthood Federation of America

Associate Director, Regulatory Risk, Compliance & Accreditation

Role overview

Qualifications

  • Bachelor’s degree and 5+ years of industry experience
  • Experience with compliance requirements and industry standards (HIPAA Security, PCI DSS, NIST, CIS, etc.)
  • Minimum of 2 years of experience in governance, risk, and compliance (GRC)
  • Strong written and verbal communication skills

Responsibilities

  • Serve as an Information Security Technology Program Expert and Accreditor for the PPFA Accreditation & Certification Program
  • Conduct PCI DSS compliance activities and risk assessments across the federation
  • Evaluate security and technology systems, controls, and policies of affiliate organizations
  • Communicate professionally and effectively with technical and executive stakeholders

Key facts

  • Remote from: United States
  • Full time
  • Expert & Leadership (>10 years)
  • 0
  • English

Other skills

  • Governance
  • Communication
  • Analytical Skills
  • Detail Oriented
  • Problem Solving

About the company

Planned Parenthood Federation of America logo

Planned Parenthood Federation of America

Planned Parenthood is a trusted health care provider, an informed educator, a passionate advocate, and a global partner. Our skilled health care professionals at our 650 health centers deliver vital reproductive health care, sex education and information to millions of women, men, and young people worldwide. For the past century, Planned Parenthood has transformed women’s health and empowered millions of people worldwide to make informed health decisions, forever changing the way they live, love, learn and work. And we’re just getting started. We are dedicated to creating a healthier world and we will not rest until access to health care and rights is a reality for all people. We are building on our proud legacy and launching our second century with as much passion, courage and conviction as our first. Join us in our movement!

Company details

Company typeSME
Company size501 - 1000

Your match analysis

See how your profile stacks up against this role.

We compared the job requirements to your profile to show where you're strong and where you fall short.

Job description

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and
reproductive health care for all people, as well as the nation’s largest provider of sex education. Planned
Parenthood organizations serve all people with care and compassion, with respect, and without judgment,
striving to create equitable access to health care. Through health centers, programs in schools and
communities, and online resources, Planned Parenthood is a trusted source of reliable education and
information that allows people to make informed health decisions. We do all this because we care
passionately about helping people lead healthier lives.

Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the
independently incorporated Planned Parenthood affiliates, which operate non-profit health centers across
the U.S. PPFA also works to educate the public on and advocate for issues of sexual and reproductive
health. Formed as the advocacy and political arm of Planned Parenthood Federation of America, Planned
Parenthood Action Fund is a separate non-profit membership organization tax-exempt under section
501(c)(4). The Action Fund engages in educational, advocacy, and limited electoral activity, including
grassroots organizing, legislative advocacy, and voter education in furtherance of the Planned Parenthood
mission.

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a dynamic
and effective Associate Director, Regulatory Risk, Compliance & Accreditation. This job reports to
the Director, Information Security, Risk & Compliance in the Information Security department of PPFA. The
Office of Information Security provides the strategy and implementation of the information security
program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors,
and staff.

Purpose:
  • The Associate Director will serve as an Information Security & Technology (IS&T) Program Expert
    and Accreditor for the PPFA Accreditation & Certification Program, which works to assess and
    manage risks across the federation through routine evaluation of its affiliate and ancillary
    organizations.
  • The Associate Director is also responsible for PCI DSS compliance activities across
    the federation, which ensures that relevant internal controls are assessed and meet established
    information security, regulatory, operational, and reporting policies, regulations, and guidelines,
    while also providing support to the Third Party Risk Management (TPRM) Program, as needed.

  • Engagement:
  • The Associate Director will be part of the HIPAA, Risk & Compliance team.
  • This role will engage with the Information Security team, team members across the broader TSS division, the Accreditation &Evaluation Department (AED) team, Development, Finance, Office of the General Counsel and third party vendors.
  • This role will engage with the executive and operational staff within the PPFA National Office, affiliates,
    and ancillary organizations.

  • Delivery:
  • The Associate Director will deliver by evaluating security and technology systems, controls, and
    policies of affiliate and ancillary organizations, write reports that interpret assessment results and
    enumerate any findings, develop and track corrective actions, and assess efficacy of risk mitigation
    activities performed by the affiliate or ancillary organization.
  • The Associate Director will deliver by
    conducting PCI DSS compliance activities utilizing assessment tools to ensure regulatory
    compliance and risk management across the federation.
  • Conducts Accreditation and Certification interviews, risk assessments, and technical analyses
    to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
    security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).
  • Conducts Accreditation and Certification interviews, risk assessments, and technical analyses
    to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
    security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).
  • Conducts Accreditation and Certification interviews, risk assessments, and technical analyses
    to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
    security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS)
  • Uses broad and deep security knowledge and technical evaluation skills to help ensure risks
    are appropriately identified, assessed, and documented
  • Thoroughly reviews documentation, third party assessments, and audit samples for
    compliance with IS&T Accreditation criteria and identifies any discrepancies or corrective
    actions
  • Executes IS&T Accreditation processes and activities including attestation review and
    technical security control analysis and testing, where applicable, to validate control
    effectiveness
  • Escalates potential high or critical risk Accreditation findings to ensure alignment and
    appropriate notification and remediation activities
  • Weighs risk scope and impact when Identifying and articulating risk outcomes in final reports
    and presentations to Accreditation stakeholders
  • Reviews and assesses corrective action reports to determine effective remediation of
    identified Accreditation and PCI DSS risks
  • Identifies improvements and trends in review operations, criteria, and methodology, and
    develops plans and proposals to improve and evolve the IS&T Accreditation
    program/requirements over time
  • Identifies areas of continuous improvement in the evaluation process and criteria, and
    adjusts to the evolution of Accreditation operations and requirements
  • Ensures timely communications and project management of individual Accreditation reviews
    and PCI DSS compliance activities
  • Maintains thorough and organized tracking of Accreditation and PCI DSS requirements,
    assessment results, and corrective actions
  • Support and educate affiliates and ancillary organizations on required PCI DSS compliance
    activities
  • Review and update internal PCI DSS training content, policies, and procedures, as
    necessary, for national office staff.
  • Execute annual PCI DSS self-assessment questionnaires for all payment flows to identify
    security and technical deficiencies and collaborate across teams to remediate appropriately.
  • Finalize and obtain signature for annual PCI DSS AOC.
  • Facilite required vulnerability scanning of relevant cardholder data environments (CDEs),
    which includes running a quarterly scan, identifying security and technical deficiencies,
    ensuring appropriate scope, and following up for remediations or documenting exceptions.
  • Obtain and manage external PCI DSS vendors’ AOCs
  • Support the PPFA TPRM team, as needed
  • Communicates professionally and effectively with technical, non-technical, and executive stakeholders
  • All other duties as assigned

  • Knowledge, Skills and Abilities (KSAs):
  • Bachelor’s degree and 5+ years of industry experience is required
  • Experience with compliance requirements and industry standards (HIPAA Security, PCI DSS,
    NIST, CIS, etc.) is required
  • Current industry certifications, particularly security and/or auditing certifications, a plus
    (CISA, CRISC, GSEC, etc.)
  • Understanding of Information Security, Risk and Compliance
  • Minimum of 2 years of experience in governance, risk, and compliance (GRC), assessing,
    auditing, accreditation, and evaluating or implementing IT and information security controls,
    including experience reviewing information security systems, policies, processes, technology
    environments, internal control frameworks, compliance requirements, and audit programs.
  • A deep understanding of IT and information security environments and administration
  • Strong written and verbal communication, including technical and non-technical writing skills
  • Strong attention to detail and analytical skills
  • Ability to balance firm adherence to security practices and flexibility in a fast-paced and
    continuously changing environment
  • Ability to maintain neutrality and fairness in the review process, and avoid or raise any
    possible bias
  • Knowledge of security technologies (security tools, networking, device protections,
    encryption, data protection, identity and access management, etc.)
  • Commitment and track record of advancing racial equity in both operations and
    communications.
  • High proficiency in Google products
  • Flexibility and ability to adapt to quickly changing priorities and ambiguous situations
  • Travel: 0-10%, domestic travel, as needed

    Planned Parenthood's cultural ethos, "In This Together", reflects our commitment to building a
    workplace culture that fosters belonging, promotes learning throughout the employee lifecycle, and
    recognizes individual contributions to our mission.

    Planned Parenthood Federation of America participates in the E-Verify program. Planned
    Parenthood Federation of America is an equal employment opportunity employer and is committed
    to maintaining a non-discriminatory work environment, and does not discriminate against any
    employee or applicant for employment on the basis of race, color, religion, sex, national origin, age,
    disability, veteran status, marital status, sexual orientation, gender identity, or any other
    characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic
    work environment that values diversity and inclusion, respect and integrity, customer focus, and
    innovation.

    Apply once. Then go straight to the hiring manager.

    After you apply, unlock the direct contact details of the people who actually make the call. A quick follow-up makes you 5x more likely to land an interview.

    MR

    Marcus Rivera

    Chief Revenue Officer

    m.rivera@company.com
    linkedin.com/in/marcusrivera
    Unlocked after you apply
    ·

    Related jobs

    Other jobs at Planned Parenthood Federation of America

    Premium

    Reach out to the hiring manager directly.

    Gain access to the contact details of the hiring managers who actually decide, and reach out to network with them directly. That, plus more when you upgrade:

    • Full match report with fit score and gaps
    • Career diagnostics on how recruiters read you
    • Curated company matches and warm intros
    • 48h early access to new roles

    Cancel anytime.