• Develop and maintain organizational compliance programs (e.g. SOC 2/HITRUST/ISO 27001).
• Participate in security assessments and audits and ensure timely responses to inquiries.
• Perform assessments and gap analysis to identify and evaluate security risks and threats.
• Coordinate with internal and external stakeholders to provide evidence of security compliance.
• Conduct periodic reviews of security policies, procedures, standards, and guidelines and ensure alignment with regulatory requirements and industry best practices.
• Establish a third-party vendor assessment program to evaluate vendors to comply with company security requirements.
• Maintain compliance with cybersecurity frameworks in areas where applicable (e.g. NIST, CIS, and HIPAA).
• Promote a culture of security awareness across the organization.
• Stay up-to-date with the latest security threats, trends, and technologies.

REQUIRED JOB QUALIFICATIONS:

Education:

• Bachelor’s degree in cybersecurity or computer information systems.
• Minimum of 5 years of related work experience.
• Relevant industry certifications such as CISA or similar.

Experience:

• Responding to client/customer security inquiries.
• Strong familiarity with industry frameworks such as SOC, ISO, HITRUST, NIST, and FDA part 11.
• Working knowledge of common audit and compliance tools.
• Demonstrable knowledge in the assessment of third-party vendors.
• Communication and interpersonal skills, with the ability to collaborate effectively with diverse teams.