Principal Pgm Mgr, Security Risk & Compliance

Full Time
Plantation, FL 33324
Job description

Remote Opportunity


PRIMARY FUNCTION

Under the direction of the CISO, this role is responsible for leading all aspects of security governance, risk, and compliance (GRC) across Pediatric Associates, Alpine Physicians Partners and Tapestri HealthTech. The role is an individual contributor (for now) but must be able to lead, influence, and execute by leveraging vendor partners, collaborating with stakeholders, and performing work themselves.


ESSENTIAL DUTIES AND RESPONSIBILITIES

This list may not include all the duties that may be assigned.

  • Design, lead and execute the organizations’ security governance model to ensure security risk decisions are appropriately handled and documented.


  • Design, lead and execute the organizations’ security risk management strategy to develop policies and procedures, assess risk, and remediate gaps. Implement industry security frameworks (e.g., NIST CSF) and translate these into tailored, prescriptive control environments to guide security program investments in people, process, and technology.


  • Develop, lead and execute a plan to achieve and maintain compliance with applicable laws and regulations (e.g., HIPAA, PCI) within the scope of information security. Act as the point person when incoming audits are conducted.


  • Develop, lead, and execute a vendor risk management program, including metrics that track performance.


  • Develop, lead, and execute a security training and awareness program, including metrics that track performance.


  • Assess and leverage third-party resources and solutions to maximize and streamline the GRC program and processes.


QUALIFICATIONS

EDUCATION:

  • Minimum High School Diploma/GED or equivalent required.

  • Bachelor’s degree in information security, information systems or similar field preferred.


REQUIRED EXPERIENCE:

  • 5 or more years working in information security risk management focusing on risk assessment, policies, controls, control frameworks, and security compliance.


PREFERRED EXPERIENCE:

  • 2 or more years working in the healthcare industry in an information security GRC capacity.


LICENSURE / CERTIFICATION

  • CISSP, CISM or similar preferred

  • Must be legally authorized to work in the United States without the need for employer sponsorship, now or at any time in the future.


KNOWLEDGE, SKILLS, AND ABILITIES

  • Be a technical leader who can think strategically, has extensive technical knowledge, and can leverage technology, automation, and managed services to scale delivery of capabilities.

  • Security risk management, controls, and compliance, preferably in the healthcare industry; knowledge of HIPAA, NIST 800 or CSF, and PCI.

  • Stay current with the latest security trends, threats, and regulatory changes to ensure we stay ahead of the curve.

  • Assessing and developing information security policies, procedures, standards, and guidelines.

  • Ability to effectively leverage vendor resources and professional services to deliver results.

  • Excellent verbal and written communication skills; collaboration and interpersonal skills.

  • Highly organized, detail-oriented, excellent time management skills, and able to effectively prioritize tasks in a fast-paced, high-volume, and evolving work environment.

  • Independent judgement and decision-making abilities.


TYPICAL WORKING CONDITIONS

  • Non-patient facing.

  • Full-time remote/telework; must be based in the contiguous U.S.

  • Indoor office work.

  • Operating computer.

  • Lift/carry 21-50 lbs.

  • Push/pull 26-40 lbs.

  • Sitting; Squatting or kneeling; Bending.

  • Manual dexterity.

  • Travel may be required, less than 10%.


OTHER PHYSICAL REQUIREMENTS

  • Vision.

  • Sense of sound.

  • Sense of touch.

  • Ability to wear Personal Protective Equipment (PPE).



Location: Pediatric Associates · Information Security
Schedule: Full Time, Days
