Summary Provides oversight of compliance, audit and regulatory reviews and acts as the primary point of contact for management, responsible for providing regulatory and information security expertise. Ensure that appropriate security controls are in place and that key regulatory timelines and required documents are tested Review of vendor questionnaire responses against industry security standards Document and report audit findings to management of affected areas Perform risk analysis to determine level of risk and recommend action(s) to mitigate along with contract and Third-Party Risk reviews, including SSAE16 and vendor assessments Demonstrate project management skills including developing initial project plans based on agreed-upon scope, updating the plan throughout the duration of the project, communicating status both internally and to the client on a routine basis, anticipating roadblocks and proactively adjusting approach Demonstrate advanced proficiency with MS Office (Word, Excel, OneNote, PowerPoint) and SharePoint for the creation and maintenance of client deliverables. Microsoft Dynamics CRM a huge plus. Requirements 3-5 years of Vendor Security Risk Assessment processes, Information Security Management, Review of IT Controls, Medical Device andor ProductApplication Assessments. BA or BS Management Information Systems or business related field (MBA desired but not required) Familiarity with industry regulations and audit frameworks SSAE 1618, SOC, ISO 27001, NIST, COBIT, FedRAMP or HITRUST Understanding industry standards relating to the areas of healthcare compliance and Information Security in order to assist healthcare organizations with the assessment and improvement of their security posture would be highly desired but not required. Participate in the delivery of vendor security reports for clientrsquos programs as appropriate to enhance personal skills and expertise Ability to work in fast paced consulting environment. Ability to travel 5-10 to client sites.
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.