POSITION SUMMARY

The Compliance Specialist will be responsible for assessing clients for compliance with legislation and conformance with standards and frameworks. The Compliance Specialist will conduct risk assessments on-site at client facilities. The position combines working from home with up to 50% travel.

Particular attention will be directed toward verifying compliance with the following industry standards, regulatory acts of Congress, and international frameworks:
• Health Insurance Portability and Accountability Act (HIPAA)
• Health Information Technology for Economic and Clinical Health Act (HITECH Act)
• HITRUST Common Security Framework (CSF)
• NIST (National Institute of Standards and Technology) Special Publication 800-53, “Security and Privacy Controls for Federal Information Systems and Organizations”
• ISO/IEC 27001:2013, “Information Technology – Security Techniques – Information Security Management Systems – Requirements”, developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC)
• Payment Card Industry Data Security Standard (PCI-DSS)

RESPONSIBILITIES
• Use report templates, interview questionnaires and data collection methods to conduct assessments of policies, procedures and ISMS (Information Security Management System) maturity levels
• Review client-supplied evidence of policies, procedures, and other documents
• Identify specific control deficiencies and recommend new or improved policies, procedures, and practices that would remediate or mitigate the identified deficiencies
• Determine compliance status using developed grading criteria
• Document the results of assessments in accordance with company standards
• Communicate project status, concerns, or issues to management in a timely manner
• Conduct potentially sensitive and confidential investigations while under Non-Disclosure and No-Compete agreements
• Manage project scopes and timelines, and be responsible for travel logistics
• Develop an understanding of each compliance standard and the validation requirements to satisfy the standards, including any policies, rules, regulations, or laws governing the area reviewed
• Participate in reviewing the design and development of products, including internal assessment techniques and tools and client “value added” products and services
• Perform other job-related duties or special projects as assigned

SKILLS AND EXPERIENCE
• The successful applicant must possess, or be able to pass an examination for, HITRUST CSF certification. In addition, the applicant should hold one or more current, applicable professional/technical certifications, such as CCSFP (Certified CSF Practitioner), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), Certified Information Privacy Professional (CIPP), Certified Information Systems Security Professional (CISSP), or Certified Internal Auditor (CIA).
• Minimum 2 years’ assessment/audit experience, preferably in healthcare and/or information security.

REQUIRED
• Experience with Information Security, Privacy, IT Audit, Compliance, and IT Management Standards, such as HITRUST CSF, ISO/IEC 27001:2013, PCI-DSS, SSAE-16 SOC2, and NIST 800-53.
• 2 years in an information technology security role with significant exposure to internal controls and risk assessment practices, preferably in medium to large corporate environments.

PREFERRED
• Bachelor's Degree in Information Systems, Computer Science, or a related field.
• Experience in performing IT security audits in a lead role, particularly in the conduct of integrated audits with other audit teams (financial, operational, and regulatory), will be strongly preferred.
• Experience with IT Disaster Recovery Planning, including plan documentation, back-up management, data protection, and data recovery testing, will be strongly preferred.
• Knowledge of IT management practices, network and application vulnerability assessments, change control, business continuity planning, data privacy, and risk assessment practices.