Security Compliance Manager
United States
Applications have closed
Care Access
Care Access is accelerating the availability of more new medicines and treatments by breaking down traditional barriers in clinical research for patients, sponsors, and physicians. Our innovative model brings a nationwide network of sites,...
The successful candidate will be responsible for the day-to-day activities to maintain compliance with regulatory and sponsor requirements, perform impact and maturity assessments, and ensure routine security processes (e.g., user account reconciliation) are performed within expectations of a highly secure enterprise. This person will work within the Security department to assess and recommend controls in alignment with compliance requirements and define processes and standards to ensure that security configurations are maintained. The risk manager is an advocate for information security and privacy within the organization.
Responsibilities
- Maintains an information security compliance plan in alignment with ISO27001 and SOC 2 certifications
- Process owner for audit evidence gathering, maintenance, and delivery
- Tracks risks to information security and compliance in a formalized risk management plan
- Maintains a model of process maturity relevant to information security procedures
- Reports highest gaps to maintain continuous improvement within the IT environment
- Reports risk profile to IT Leadership Team on a regular basis to prioritize mitigation strategy.
- Assists in the coordination and completion of information security operations documentation, including security-related policies and procedures.
- Plays an advisory role in application development and acquisition projects to assess compliance requirements and to ensure controls are implemented as planned.
- Collaborates on critical IT projects to ensure that security issues are addressed throughout the project life cycle.
- Tracks IT supply chain from request intake to decommissioning with a focus on risk management.
- Maintains sufficient oversight of vendor or supplier operations to ensure compliance with current good manufacturing practices.
- Reviews contract verbiage, where applicable, to ensure compliance with established Care Access security practices.
- Researches, evaluates, and recommends information-security-related controls on system and network device hardening practices
Qualifications
- 5+ years’ management experience in Information Security or Information Technology.
- Proven background and success with ISO, SOC, and/or SOX compliance audits
- Knowledge of common information security management frameworks (e.g., NIST CSF, ISO, SOC)
- Experience working within boundaries of HIPAA, GDPR, GCP and other privacy regulations
- Ability to work and learn independently
- Strong analytical, problem solving, and communication skills
- Experience with network security concepts and tools
- Experience with cloud security concepts and tools
- Experience with endpoint security management concepts and tools
- Relevant industry certifications (e.g., Microsoft, Google, ITIL) are a plus
- Degree in Computer Science, Information Security, Information Technology, or a relevant certification with sufficient experience
Location:
- Location: Anywhere in the USA (Northeastern US is preferred).
Benefits:
- PTO/Vacation days, sick days, Holidays.
- 100% paid Medical, Dental, and Vision Insurance. 75% for dependents.
- HSA plan
- Short-term disability, long-term disability, Life Insurance.
- Continued Education Allowance
- Culture of growth and equality
- 401K plan and matching contribution
We are an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.
By applying to this post, you agree to receive text message updates about your application and interview process.