E00970 – Security Compliance Process Improvement Mgr.
IT Security, Compliance & Process Improvement Manager plays an active role in developing and strengthening the IT Controls environment across the RCA’s enterprise. This highly visible role will report to the Chief Information Officer and work closely with the IT Leadership team, Legal and Corporate Compliance.
The IT Security, Compliance & Process Improvement Manager will assess and oversee all technology-related security and compliance issues across the organization, including information security, privacy, and process redesign. This includes providing objective risk assessments of the company’s IT compliance with regulatory and organizational governing bodies. This position provides information security and privacy direction and advice for the company, leading enterprise-wide initiatives and ensuring sustained and reliable controls.
The IT Security, Compliance & Process Improvement Manager will also direct the development and implementation of policies, procedures and controls to ensure that the organization’s practices remain compliant with industry standards and all pertinent local, state/province/county and federal laws. The IT Controls and Compliance Manager will work directly with non-IT compliance professionals such as legal, audit, and the RCA’s leads to ensure organizational alignment.
- Develop and Manage IT control systems and processes
- Manage the tracking and remediation of deficiencies against IT compliance guidelines and internal policies, including HIPAA-related policies
- Lead the implementation and management of the IT GRC and Control Self-Assessment program
- Ensure that IT control self-assessments are timely, complete, and accurate
- Respond to third party security assessments and audit requests
- Provide guidance on process improvements and corrective action plans as necessary
- Identify and validate key controls, working with various teams to address identified deficiencies and help identify compensating controls
- Provide regular controls compliance metrics reporting and tracking
- Measure and report IT compliance performance against internal and external benchmarks and industry best practices
- Liaise with both internal and external auditors as the main point of communication from IT
- Ensure proper accounting of controls documentation for IT to include risk control, process narratives, testing, issue evaluation, and reporting
- Coordinate the review of SaaS applications’ SOC reports, vendor assessments and follow-up actions across the enterprise
- Oversee, manage and report on the IT Change Management Process
- Lead regulatory data and privacy compliance assessment and remediation
- Partner with the legal and internal audit teams to facilitate compliance with privacy and data laws
- Provide guidance and support to IT and business teams to ensure continued compliance with the various mandates
- Manage the process of gathering, analyzing and assessing the current and future threat landscape, and provide a realistic overview of risks and threats in the enterprise environment
- Provide an external perspective on developments within information security and recommend improvements to RCA’s security strategy
- Monitor and report on compliance with security policies, as well as the enforcement of those policies
- Develop and evolve IT security policies, standards, guidelines and procedures to ensure operating efficiency and regulatory compliance
- Assist in the performance and coordination of Security Incident Response activities
- Provide clear communications to management on cyber activity
- Align IT Security with business objectives
- Other duties as assigned by Management
Education and Experience:
- Bachelor’s Degree in computer science or business administration preferred
- CISA, CISM and/or CISSP certification required
- Experience working in complex healthcare environments
- Understanding of IT security and controls in cloud computing environments
- Intimate understanding of HIPAA and HITECH Compliance requirements and IT General Controls
- Demonstrated experience in implementing compliance frameworks such as NIST, COBIT and ISO 27001
- Extensive experience coordinating, facilitating, and managing security and compliance audits
- Broad knowledge of State and Federal legislation and regulatory laws pertaining to information system security and privacy
- Ability to thrive in a highly matrixed, fast-paced, multi-site organization experiencing rapid growth
- Possess excellent communications skills and organizational awareness
- Strong attention to detail and documentation
- Strong time management, organizational and priority setting skills
- Strong ability to analyze information and develop a comprehensive work plan
- Must be a leader and a manager, with the knowledge and experience to "get things done"
- Outstanding presentation and interpersonal skills, including written and oral communication
- Demonstrated problem solving and conflict resolution skills
- Strong business acumen to understand business requirements
Travel: Travel is primarily local during the business day, although some out-of-the-area and overnight travel may be expected.