Security & Compliance Lead

Position Summary

The Security and Compliance Lead will be a proactive member of the Information Security and Compliance team with a strong background and track record of assessing and improving IT control environments. The individual will work with external auditors to execute HITRUST and SOC2 audits, assess internal compliance activities and identify and recommend process improvements. This individual will also conduct technical audits of security safeguards and risk assessments of third parties and is responsible for endpoint security monitoring and administration.  Coordinate responses to and remediation of findings related BHI customer-initiated audits.

Job Responsibilities

Information Security

• Successfully lead, plan, and manage implementations of security solutions tied to key security initiatives
• Lead and manage threat and vulnerability management program
• Lead and manage endpoint protection program including anti-virus, detection and response capabilities
• Assess and respond to information security alerts
• Identify, document and report on metrics and trends within assigned information security programs
• Oversee, improve, and monitor next generation anti-virus controls and operating procedures
• Administer and overseeEDR solution, identify control process and own solution internally interacting with MSSP (runbook)

Compliance

• Execute on our IT compliance plan to ensure an effective internal control environment for HITRUST and SOC 2 and other regulatory requirements
• Understand control frameworks (e.g., HITRUST, NIST, ISO, and PCI) and how they can be integrated into the overall security program
• Coordinate customer-initiated audits and remediation of any documented findings
• Review and assess IT application security controls
• Track remediation of IT controls to completion based on recommendations for improvement
• Assist with monitoring and reviewing access management
• Assist with information gathering and follow up requests for 3rd party auditors
• Track and keep management up to date on progress of remediation tasks
• Assist with vendor risk management program
• Assist with Due Diligence Questionnaire request for all potential vendors
• Manage assigned projects to completion communicating status and adjustments to deadlines
• Is familiar with HITRUST and SOC 2 compliance and its impact on company policies and processes
• Understands importance of adhering to HITRUST and SOC 2 requirements, and maintains an effort to do so
• Reviews and understands the Employee Handbook, and internal policies that define individual security responsibilities, and maintains segregation of duties in accordance to their role requirements

Job Requirements

• 7+ years of combined experience in the fields of Information Systems, Compliance and/or Security
• Knowledge of infrastructure, network communications and protocols
• Bachelor’s degree in information systems or related discipline
• CISSP or willingness to obtain preferred
• Working knowledge of information security and computer network, server, database, and user access technologies.
• Knowledge of HIPAA regulations or willingness to learn
• Self-starter who demonstrates initiative and displays a high energy level
• Strong organizational, prioritization and process improvement skills
• Effective verbal and written communication skills including ability to develop presentations summarizing analysis and synthesis/recommendations, catering to the specific audience
• Ability to identify areas for improvement and present and implement viable solutions
• Strong problem-solving skills that model clear, analytical thinking and sound judgment