Director of Security and Compliance
Company: HealthTrio LLC
Posted on: October 13, 2019
- Establish and execute strategic, comprehensive enterprise
information security program directives and plans, including any
and all security training efforts, to ensure that the
confidentiality, integrity, and availability of information owned,
controlled or processed by the company are maintained in a manner
compliant with company policy and relevant regulatory authorities.
- Establish, execute and monitor a comprehensive compliance
program to comply with HIPAA/HITECH, NIST 800-171 and state privacy
and breach laws.
- Develop and maintain information security policies, standards,
guidelines and oversee the dissemination of security policies and
practices; identify knowledge gaps to increase employee awareness
of relevant information security practices.
- Provide pre-sales support to the Sales team as the
subject-matter expert on HealthTrio's information security/privacy
program and security-related aspects of HealthTrio's software
- Respond to customer/prospect due diligence requests regarding
HealthTrio's Information Security program.
- Engage directly with customer/prospect security teams to
address any security/privacy issues that may arise.
- Provide leadership and guidance on information security topics,
advising and collaborating on security processes, business
continuity, and disaster recovery plans.
- Ensure that system and application security design is in
accordance with company policy; consult with technical teams to
ensure that security is factored into the evaluation, selection,
design, installation, and configuration of hardware, applications
- Periodically review the company security control set and
oversee introduction and implementation of new security tools and
- Lead investigations of any actual or potential information
security violations and manage escalation of security events.
- Monitor external threat environment for emerging threats and
advise relevant stakeholders on appropriate courses of action.
- Provide regular reporting on current state of information
security program to the senior management as appropriate, to
include an annual enterprise risk assessment.
- Establish metrics and reporting framework to measure the
efficiency, effectiveness, and maturity level of the program.
- Liaise with relevant business units and external agencies as
needed to ensure that the company maintains a strong security
- Work with system administrators and application developers to
audit, monitor and validate their environment's security, including
conducting gap analysis and other comprehensive internal
assessments of existing systems to improve the security
infrastructure and mitigate risks.
- Provide oversight to the architecture and engineering of new
security systems; including the evaluation of technical
- Review contract documents for proposed security requirements
and recommend modifications as required to ensure compliance with
regulations and to protect the integrity and viability of the
company's information security program.
SKILLS AND QUALIFICATIONS:
- Proven track record and experience in developing information
security programs, policies and procedures, including successful
implementations in medium to large enterprise environments.
- High degree of initiative, dependability; experience managing
multiple, simultaneous, and high-profile information security
initiatives and responses.
- High level of personal integrity, as well as the ability to
professionally handle confidential matters, and show an appropriate
level of judgement and maturity.
- Experience with Federal information technology security
standards, guidelines, regulations and programs such as HIPAA,
NIST, DISA and DIACAP/RMF.
- Strong knowledge of common information security management
frameworks/guidelines, such as ISO/IEC 27001, NIST 800-171, HITRUST
CSF and deep knowledge and understanding of relevant legal and
regulatory requirements/standards, including but not limited to:
HIPAA/HITECH and other relevant compliance standards.
- Experience in designing and managing new and existing security
- Ability to advise infrastructure and applications staff in
securing their respective environments.
- Exhibit strong written and verbal communication skills,
interpersonal and collaborative skills.
- Strong ability to convey security information to non-technical
end-users in a way that inspires adoption and adherence to all
company security policies and programs.
- Experience with contract and vendor negotiations.
- Ability to provide technical and professional leadership,
guidance, and training to others.
JOB COMPLEXITY: Works on problems of advanced scope; exercises
independent judgment as the subject matter expert for information
security and compliance. Regularly interacts with senior management.
SUPERVISION: Director-level position responsible for information
security and compliance business areas. Reports directly to Senior
Vice President for Technology Services Delivery.
EXPERIENCE: Minimum of 7 years' experience in an information
technology field, with five to seven years of experience in an
information security role.
EDUCATION: A Bachelor's degree from an accredited college or
university in a related field, or equivalent work experience. A
Masters of Business Administration degree is desired.
CERTIFICATION(S): At least 1 industry-standard information security
certification is required; CISSP is preferred.
CLEARANCE: Must be able to obtain federal ADP Level 2 clearance.
Employment continuity is contingent upon passing an extended
TRAVEL: This position may require occasional travel.
Keywords: HealthTrio LLC, Tucson, Director of Security and Compliance, Executive, Tucson, Arizona