Security and Compliance Manager

Summary

Join our team as a highly skilled and motivated Security & Compliance Manager to ensure our company meets and maintains HITRUST certification and adheres to customer contractual compliance requirements.

Requirements

• Bachelor’s degree in Information Security, Computer Science, or a related field
• Minimum of 7 years of experience in information security, IT audit, compliance, or a related role, preferably within the healthcare industry . Master’s degree preferred
• In-depth knowledge of HITRUST CSF and experience leading HITRUST certification processes
• Strong understanding of healthcare regulations and standards, including HIPAA
• Proven track record of developing and executing compliance and risk management programs in healthcare
• Excellent analytical, problem-solving, and decision-making skills
• Strong communication and interpersonal skills, with the ability to influence and build relationships at all levels of the organization

Responsibilities

• Develop, implement, and maintain compliance programs to ensure adherence to all applicable laws, regulations, and industry standards
• Monitor changes in legislation and regulatory environments, providing guidance and updates to senior management
• Conduct regular audits and assessments to evaluate compliance effectiveness and identify areas for improvement
• Compliance investigations, action plans and overseeing compliance training
• Main POC for company compliance
• Lead and manage the HITRUST audit process, ensuring all necessary documentation and controls are in place
• Lead the development and implementation of security policies and procedures to safeguard company assets and sensitive information
• Familiar with personally implementing and maintaining technology surrounding security and compliance, including WAFs, VPNs, SAST, and DAST. Collaborate with IT, engineering, HR, and other departments to ensure cyber security measures are in place and implemented as a part of our regular business project planning
• Oversee incident response planning and coordinate responses to security breaches or vulnerabilities
• Identify, assess, and prioritize risks across the organization, developing risk mitigation strategies
• Facilitate risk assessments and develop reports to communicate findings and recommendations to senior leadership
• Foster a risk-aware culture by providing training and resources to employees on risk management best practices
• Work closely with cross-functional teams to ensure compliance and risk management initiatives align with business objectives
• Prepare and present regular reports on compliance, security, and risk management activities to the executive team and board of directors
• Serve as the primary point of contact for regulatory agencies and external auditors
• Provide training and guidance to staff on security and compliance best practices

Benefits

• Meaningful work each day, we care deeply about our mission, our patients, and each-other
• Work from anywhere in the US that best fits your lifestyle, or, for those that enjoy an in-person environment, join teammates in our hybrid hub Nashville
• Rich PTO and holiday plans to ensure you have time away to rest and recharge
• Paid parental leave
• Support a healthy work-life integration, and offer work flexibility – we love to talk about our pets and families
• Medical, dental, vision, life, disability, wellness resources, and an employer HSA contribution all from Day 1
• We are committed to fair and equitable pay for all employees, and we help you achieve your future goals with an employer match 401k
• An inclusive workplace where you can lean on your teammates, offer candid feedback, and bring your true self to work each day