InfoSec Compliance Documentation Specialist

AAPC

📍Remote - Worldwide

Summary

Join our team as a Security and Privacy Compliance Specialist! This remote/hybrid role, preferably based in Utah, is crucial for ensuring our organization's compliance with industry standards and regulations. You will monitor and maintain compliance with regulations like SOC-2, HIPAA, and HITRUST, conduct regular audits and risk assessments, and develop and implement security and privacy policies. Your responsibilities include identifying and mitigating data security risks, designing employee training programs, and assisting in incident response. You will also assess third-party vendors for compliance and collaborate with various teams to ensure data protection. This role requires strong analytical and communication skills, along with experience in information security and privacy compliance.

Requirements

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or experience in a related field preferred
  • Proven experience in information security, privacy compliance, or a related field
  • In-depth knowledge of relevant regulations, standards, and frameworks (e.g., GDPR, HIPAA, HITRUST, SOC-2, NIST, ISO-27001, and others)
  • Strong analytical and problem-solving skills, with keen attention to detail
  • Excellent communication and interpersonal skills to work effectively with technical and non-technical stakeholders
  • Ability to manage multiple projects and meet deadlines in a fast-paced environment

Responsibilities

  • Monitor and ensure adherence to relevant security and privacy regulations, such as SOC-2, HIPAA, HITRUST, and others
  • Conduct regular compliance audits and risk assessments to identify gaps and recommend corrective actions
  • Participate in the development, implementation, and maintenance of security and privacy policies, procedures, and guidelines
  • Ensure documentation is current and accessible to relevant stakeholders
  • Identify potential risks to the organization’s data security and privacy and work with other members of the security team to develop mitigation strategies
  • Collaborate with cross-functional teams to implement risk management practices
  • Design and deliver training programs to educate employees on security and privacy best practices
  • Promote awareness of security threats and ensure employees understand their role in compliance efforts
  • Assist in the development and execution of incident response plans
  • Participate in documenting investigations of security breaches and privacy violations, ensuring timely reporting to regulatory bodies when necessary
  • Assess third-party vendors and partners for compliance with security and privacy standards
  • Work with the business to establish data protection agreements
  • Work with the Sales team to onboard new clients by completing and returning security information requests and questionnaires
  • Regularly review and analyze security systems and controls to ensure compliance with evolving regulations
  • Prepare and present reports to senior management on the organization's security and privacy compliance status

Preferred Qualifications

  • Familiarity with data protection technologies and tools (e.g., encryption, DLP, SIEM systems)
  • Knowledge of emerging privacy laws and trends

Benefits

  • Comprehensive benefits package including medical, dental and vision insurance
  • Health Savings Account
  • Generous PTO and Holiday Pay
  • 401(k) retirement plan
  • Remote/virtual-office consideration
