What are the responsibilities and job description for the Senior Cybersecurity Compliance Specialist position at ABOUT HEALTHCARE INC?
SUMMARY:
The Senior Cybersecurity Compliance Specialist will be responsible for ensuring controls and processes are defined and held to the highest standard by all staff. This role will help mature our security program through the HITRUST and NIST 800-53 frameworks, ensuring a quality, compliant process is adhered to for the highly regulated government and commercial healthcare industry. The Security Compliance Engineer will employ security compliance and technical knowledge with a desire for continuous improvement.
ESSENTIAL FUNCTIONS:
This class specification lists the major duties and requirements of the job and is not all-inclusive. Incumbent(s) may be expected to perform job-related duties other than those contained in this document and may be required to have specific job-related knowledge and skills.
- Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards to validate maintenance of secure configurations.
- Maintain and track compliance across the NIST 800-53 and HITRUST security frameworks.
- Maintain up-to-date compliance records of requirements and corresponding mitigating controls.
- Perform third-party risk assessments and assist in performing internal risk assessments.
- Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
- Monitor and evaluate company risk and define controls to mitigate those risks.
- Monitor change management process to ensure compliance.
- Develop key performance metrics to track and ensure compliance with established policies and standards.
- Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
- Participate in the development of security and privacy awareness training in conjunction with other members and groups in the organization.
- Ensure the company's technical compliance with applicable laws and regulations.
- Conduct tests and studies into the company's product compliance.
- Produce reports on compliance testing, developments, and processes.
- Institute best-practice procedures for compliance and risk mitigation.
- Develop strategies and implementation plans for compliance-related matters.
- Explain and define compliance protocols and measures to stakeholders and relevant authorities.
- Partner with the architecture and development resources to ensure projects are meeting proper compliance standards.
- Represent the security team to other engineering disciplines as well as product management, customer support, and implementations.
- Keep abreast of the security compliance community to ensure compliance with the latest practices and technologies.
- Other duties as assigned
QUALIFICATIONS:
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.
Need to Have:
- Bachelor’s Degree
- Ability to be successfully credentialed for Veterans Affairs (VA) systems access
- 5 years’ experience in IT
- 2 years’ experience in cybersecurity compliance
Nice to Have:
- Bachelor’s Degree in Computer Science or related field
- Certifications in cybersecurity (e.g., CISSP, CISM, CISA)
- Experience with compliance assessments (e.g., SOC, HITRUST, FedRAMP, NIST)
- Healthcare technology experience.
- Knowledge of Microsoft Azure, AWS.
Required Knowledge and Skills
Required Knowledge:
- Business planning and development.
- Working knowledge of software development life cycle methodology, preferably within a Scrum environment
- Strong oral and written communication skills
- Excellent analytical and problem-solving skills with attention to detail
- Ability to partner and work across teams and levels within the organization
- Mentoring & career development/growth skills
- Correct business English, including spelling, grammar and punctuation
Required Skills:
- Using initiative and independent judgment within established department guidelines.
- Contributing effectively to the accomplishment of team or work unit goals, objectives and activities.
- Establishing and maintaining effective working relationships with a variety of individuals.
PHYSICAL/MENTAL REQUIREMENTS:
The physical demands described herein are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Mobility to work in an office setting, use standard office equipment and stamina to sit for extended periods of time; strength to lift and carry up to 10 pounds; vision to read printed materials and computer screens; and hearing and speech to communicate in person or over the telephone.
Travel as needed to support company and customer initiatives. Work on site at our St. Paul office may be required, and ABOUT reserves the right to change the location of the role at any time.
This role may involve work on federal government contracts that require additional federal background investigations, training, and federal badging. As such, you may be required to submit personal information to the government and be fingerprinted and photographed at your local Department of Veterans Affairs Medical Center.
ABOUT is also an Equal Employment Opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.
ABOUT offers a flexible, purpose-built solution that empowers hospitals and health systems to operate as one connected network of care. We enable easy access for clinicians to move patients into and out of the acute care setting - getting them to the next, best care setting faster and easier. Complemented by our clinical experts and best practices, we provide health systems the necessary controls and insights to grow with resilience, drive clinician effectiveness, and improve patient outcomes.