Our Information Security Compliance Officer develops and evaluates compliance with laws, regulations and best-practice frameworks to mitigate cybersecurity risk and ensure protection of company assets and information; researches and interprets current and pending governmental laws and regulations; and reviews and responds to customer and vendor contracts to attest to compliance requirements. The role conducts information security risk assessments and security compliance audits, and establishes IT security audit procedures relevant to SOC2, NIST 800-53, ISO27001/2 and HIPAA/HITRUST. It evaluates and tests the design and operating effectiveness of IT security controls, and maintains compliance of internal IT security controls by meeting internal and external information security requirements. It documents, investigates and reports cybersecurity compliance issues and incidents, and works with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
- Conduct internal and external compliance audits across 4 separate business units with different compliance frameworks
- Prepare management report of audit findings and track remediation work
- Review and redline customer security requirements in contracts
- Respond to all customer security questionnaires
- Review 3rd party vendor security/compliance
MINIMUM KNOWLEDGE, SKILLS AND ABILITIES REQUIRED:
- A strong foundation in IT Governance/Compliance frameworks, specifically HITRUST, SOC2, CJIS and ISO27001
- Periodic domestic and international travel is required.
- Bachelor’s degree in Information Systems or equivalent 5+ years’ experience
- CISM, CISA and/or CISSP certifications (demonstrated experience operating and administering networks will be considered as a substitute for certification)
- 5 or more years’ experience in information security, including experience within a multi-platform technical environment
- Project management experience
- In-depth understanding of information security technologies and processes.
- Must have the ability to multi-task and execute with minimal supervision from management.
- Demonstrated knowledge and execution of information security policy practices and procedures.
- Strong interpersonal skills.
- Demonstrated excellent technical writing skills.
- Willingness to work during non-business hours as needed and be on-call to support the business 7x24.
- Understanding of, and previous involvement in, state, corporate and federal regulatory compliance initiatives.