Description

 
Responsibility



Among the key duties of this position are the following:

· Documents and evaluates compliance activities and liaises with government agencies.
· Assists and serves as a resource to determine risk gaps and/or policy needs based upon updates or mandates to regulatory, statutory, or other requirements, including but not limited to HIPAA, PCI DSS, GLBA, FISMA, NIST Cybersecurity Framework, CMMC, etc.
· Performs other tasks as assigned.

Qualifications


 

Minimum Education and Experience:

 

· A Bachelor’s degree preferably in Computer Science, Information Systems, Management Information Systems, or a related field.
· A minimum of five (5) years’ experience in Information Security programs and knowledge of HIPAA, GLBA, PCI DSS, CMMC, FISMA regulations and standards.


Certifications/Licenses

• Certified Risk and Compliance Management Professional (CRCMP) preferred. Will accept other related certifications, such as CISSP, CISA, CMMC, PMP, or HCISPP.
• Minimum of five (5) years of experience in the field of Compliance.
• Proficiency in MS Office.


Required Knowledge, Skills, and Abilities


• Familiarity with frameworks such as NIST Cybersecurity Framework, ISO 27001-2, ITIL, and Project Management methodology is essential.
• Experience with GRC tools.
• Possess excellent interpersonal, communication and influencing skills, with the ability to collaborate effectively across a variety of disciplines and levels inside/outside the organization.
• Ability to effectively analyze, document and communicate information security concepts to different user bases, including faculty, staff, systems personnel, and external stakeholders.
• Must possess demonstrated experience in compliance research, reporting, adherence, and policy development within the IT and healthcare sectors.
 

Preferred Qualifications

 

• Demonstrated knowledge and understanding of multiple frameworks such as the NIST Cybersecurity Framework, ITIL and ISO 27001-2.
• Demonstrated working knowledge of various regulatory requirements, industry standards, and laws, including but not limited to PCI DSS, GLBA, FERPA, GDPR, HIPAA, CMMC, FISMA, etc.
• Working knowledge of diverse information technology architectures and designs.
• Working knowledge of general audit principles, security administration processes and frameworks, metrics collection and reporting.
• Strong analytical and critical thinking skills.
• Excellent verbal and written communication skills.
• Documenting and reporting skills.

Education

Bachelor’s degree