Key Responsibilities :
- Design a compliance framework and identify information security goals and objectives.
- Oversee the information security programs including standards, policies and procedures, data protection, risk management, vendor due diligence and compliance.
- Develop, review, recommend and modify information security policies and procedures to ensure adaptation and compliance.
- Plan and establish an organization-wide Information Security Management System (ISMS) in accordance with the ISO 9001 and ISO 27001 standards and other relevant security standards.
- Ensure all information security and cyber security frameworks and policies are deployed, revised, sustained, and overseen effectively, with the objective of complying with regulatory requirements and internal standards.
- Implement a compliance monitoring program to ensure all centres continue to comply with internal and external requirements such as ISO, HITRUST, HIPAA, information security, SOC 1 and SOC 2.
- Implement required and best practice controls at the operations centers to address Company compliance requirements (including standards related to information security, people security, data privacy, contractual requirements)
- Work closely with functional teams and non-technical leadership to articulate IT security and technical issues in a non-threatening, clear and actionable manner.
- Define information security measurement metrics and other key performance indicators.
- Research and propose best practice solutions for the specific nature of company operations.
- Identify and implement improvement and efficiency opportunities.
- Develop and lead the implementation of an enterprise risk management (ERM) program for the entire organization.
- Maintain a risk register that reflects identified fraud schemes and applicable laws and regulations.
- Use a variety of techniques, including expert opinion and historical simulation, to quantify risk limits for the organization.
- Ensure privacy and security policies that protect the confidentiality, integrity and availability (CIA) of PHI are enforced across the organization.
- Audit applications, configurations, and internal practices against standards such as HIPAA and HITRUST.
Requirements :
- Professional certifications (desirable): ISO 27001 Lead Auditor / Implementer
- Proficiency in security compliance, security and risk management operations, auditing, monitoring, and reporting
- Ability to manage and prioritize multiple tasks and work under demanding conditions with many interruptions
- Experience in InfoSec policy creation, documentation, and enforcement
- Thorough knowledge on HIPAA Security and Privacy rules
- Ability to understand technology and its associated risks
- Excellent written and verbal communication skills
- Excellent judgment and analytical skills
- High degree of professional ethics, integrity, and gravitas
- 20+ Years of relevant experience