Security Compliance Manager

United States

Applications have closed

Care Access

Care Access is accelerating the availability of more new medicines and treatments by breaking down traditional barriers in clinical research for patients, sponsors, and physicians. Our innovative model brings a nationwide network of sites,...

View company page

We are a rapidly growing company supporting global clinical trials. We are building the future of healthcare, where many more life-changing therapies can reach those who need it most. Together with the top pharmaceutical and biotech partners, we’re scaling a new model for the clinical trial site, where more physicians and their patients engage in cutting-edge research to develop and approve new therapies faster. Through innovation and a unique technology-enabled service model, our team of expert scientists, engineers, entrepreneurs, physicians, nurses, and patient volunteers are paving the way towards this more caring and creative world.
The successful candidate will be responsible for the day-to-day activities to maintain compliance with regulatory and sponsor requirements, perform impact and maturity assessments, and ensure routine security processes (e.g., user account reconciliation) are performed within expectations of a highly secure enterprise. This person will work within the Security department to assess and recommend controls in alignment with compliance requirements and define processes and standards to ensure that security configurations are maintained. The risk manager is an advocate for information security and privacy within the organization.

Responsibilities

  • Maintains an information security compliance plan in alignment with ISO27001 and SOC 2 certifications
  • Process owner for audit evidence gathering, maintenance, and delivery
  • Tracks risks to information security and compliance in a formalized risk management planMaintains a model of process maturity relevant to information security procedures
  • Reports highest gaps to maintain continuous improvement within the IT environmentReports risk profile to IT Leadership Team on a regular basis to prioritize mitigation strategy.
  • Assists in the coordination and completion of information security operations documentation, including security-related policies and procedures.
  • Plays an advisory role in application development and acquisition projects to assess compliance requirements and to ensure controls are implemented as planned.
  • Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
  • Tracks IT supply chain from request intake to decommissioning with a focus on risk management.
  • Maintains sufficient oversight of vendor or supplier operations to ensure compliance with current good manufacturing practices.
  • Reviews contract verbiage, where applicable, to ensure compliance with established Care Access security practices.
  • Researches, evaluates, and recommends information-security-related controls on system and network device hardening practices

Qualifications

  • 5+ years’ management experience in Information Security or Information Technology.
  • Proven background and success with ISO, SOC, and/or SOX compliance auditsKnowledge of common information security management frameworks (e.g., NIST CSF, ISO, SOC)Experience working within boundaries of HIPAA, GDPR, GCP and other privacy regulations
  • Ability to work and learn independentlyStrong analytical, problem solving, and communication skillsExperience with network security concepts and toolsExperience with cloud security concepts and tools
  • Experience with endpoint security management concepts and toolsRelevant industry certifications (e.g., Microsoft, Google, ITIL) are a plus
  • Degree in Computer Science, Information Security, Information Technology, or a relevant certification with sufficient experience

Location:

  • Location:  Anywhere in the USA (Northeastern US is preferred).

Benefits:

  • PTO/Vacation days, sick days, Holidays. 
  • 100% paid Medical, Dental, and Vision Insurance. 75% for dependents. 
  • HSA plan Short-term disability, long-term disability, Life Insurance.
  • Continued Education Allowance 
  • Culture of growth and equality 
  • 401K plan and matching contribution 
At Care Access, every day we are advancing medical breakthroughs. We’re uniting standard patient care with cutting-edge treatments and research. The work that we do brings life-changing therapies to those who are in need and paves the way for newer and greater treatments to reach the world.  We’re proud to advance these breakthroughs and to work with the big players while also engaging with the very best physicians and caring for patients. Through innovation and a unique technology-enabled service model, our team of experts is paving the way to take this vision forward.   We care. Our values are rooted in being genuine, finding new ideas, and building something meaningful. Influenced by our values, we have built a culture valuing communication and dialogue: we care about what everyone has to say and we spend energy on being equal and inclusive.Along the way, we are caring for each other, accelerating medicine, and seeding a long-term impact for generations to come.  
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.  
By applying to this post, you agree to receive text message updates about your application and interview process.

Tags: Cloud Compliance Computer Science Endpoint security GCP GDPR HIPAA ISO 27001 ITIL Network security NIST Privacy Risk management SOC SOC 2 Strategy

Perks/benefits: 401(k) matching Health care Insurance Team events

Region: North America
Country: United States
Job stats:  12  2  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.