Key areas of responsibilities (KRAs) :
- Creating an annual risk review plan
- Facilitate risk assessments for operations and support functions
- Establish a risk review and reporting process
- Maintain risk registers
- Review the performance of existing physical and logical security controls and recommend stronger controls based on risk
- Spread information security awareness throughout the organization through various means including training and campaigns
- Review all information security controls with all stakeholders at least annually
- Facilitate incident reporting and closure
- Review and test business continuity plans and disaster recovery plans
- Provide inputs to RFPs from the information security and risk management perspective
- Manage ongoing internal audits and follow up on action plans as mentioned in the audit plan
- Communicate audit findings effectively and recommend corrective action plans based on the findings
- Review compliance with company policies and procedures, ISO 9001 and ISO 27001, and HIPAA and GLBA for healthcare accounts
- Document and implement new policies and procedures as needed for the various external certifications, and develop internal checklists and controls
- Review existing policies and procedures for the department at periodic intervals
- Identify areas of revenue leakage & recommend corrective actions
- Facilitate second party and third party external audits and ensure the requirements are met
- Train quality team members on ISO standards, HIPAA/GLBA requirements and risk assessments
Desired skill sets :
- Excellent written and spoken English
- Basic knowledge of Quality concepts is desirable
- Sound knowledge of ISO certifications and others
- Good analytical skills
- Ability to deal with international centers
- Willingness to travel for internal and external audits across India and occasionally to other countries (50%)
Desired qualifications (including certifications) :
- Graduate from any discipline
- Certified lead auditor in ISO 9001 and ISO 27001 from reputed institutes
- Experience and exposure to HIPAA and GLBA compliance is an added advantage
Desired years of experience :
- 8 to 10 years of relevant experience
Internal Customers, if any :
- Operations
- Shared Services
- Sales and Customer Relationship Group
External Customers, if any :
- All clients of HGS, and their appointed auditors