Security Compliance Manager
The Security Compliance Manager ensures compliance with information security requirements (HITRUST, NIST, etc.) for 1upHealth. The Manager will report to the Director of Security Compliance. This role will aid in developing and implementing compliance policies and procedures and will help achieve positive outcomes in third-party audits and certifications. The Manager will also assess security compliance issues and recommend changes that ensure compliance with contractual obligations.
In this role you’ll get to:
- Work hand-in-hand with leaders in Engineering, Product, Legal, Finance and IT teams to create a Security & Privacy culture.
- Contribute to organization-wide risk analysis and risk management.
- Ensure that all security monitoring systems and processes are effective.
- Actively collaborate with 1upHealth’s application security and software development teams to ensure that our products are following secure coding practices as well as privacy-by-design standards.
- Participate in 1upHealth’s Security Incident Response Plan, help test the effectiveness of the program and help coordinate incident response across the company.
- Contribute to 1upHealth’s HITRUST, SOC 2, and other security audits that meet 1upHealth’s needs.
- Participate and contribute to the Security, Privacy and Compliance Committee.
- Provide expert advice in all areas of security framework compliance.
- Oversee the development and maintenance of company-wide security policies and procedures.
- Develop communications and analyses for inclusion in executive level presentations.
- Develop and oversee company-wide security and compliance education.
- Provide guidance for staff and leadership on security topics.
- Help monitor the IT Security environment and interface with internal and external customers to provide information security expertise.
- Serve as a technical escalation resource and provide guidance to non-technical staff.
- Assist in establishing departmental goals that are consistent with, and lead to the successful achievement of, 1upHealth’s strategic objectives.
- Identify problems and opportunities for improvement and generate creative solutions that improve qualitative and quantitative performance.
We are looking for people who have:
- At least 5 years in the healthcare IT industry.
- Experience developing and contributing to security policies and procedures.
- Understanding of Data Governance and Data Security/Protection.
- Understanding of least-privilege and zero-trust concepts.
- Experience performing vendor risk management, and knowledge of risk management best practices for SaaS-based applications.
- Understanding of information security frameworks, with experience implementing security controls (NIST, HITRUST, ISO, etc.).
- Experience with third-party audits (HITRUST, SOC 2, FedRAMP, ISO 27001, etc.).
- Experience managing or implementing IT security programs.
- Previous experience auditing, developing internal controls, and managing organizational risk.
You may also have:
- An IT Security Certification (CISSP, CISA, CISM etc.) completed or currently in progress.
- Knowledge of privacy law and regulation (e.g. HIPAA).
- Knowledge of FHIR and interoperability.
- Experience with cloud platforms (AWS, Azure, GCP).
- Experience managing Data Loss Prevention (DLP) solutions.
- Excellent writing and presentation skills.