What are the responsibilities and job description for the Information Security Auditor position at Harmony Healthcare IT?
Company Description: Harmony Healthcare IT (HHIT) is a data management firm that moves and stores patient, employee, and business records for healthcare organizations. To strengthen care delivery and improve lives, vital information is preserved and managed by HHIT in a way that keeps it accessible, releasable, usable, interoperable, secure, and compliant. HHIT has established core values for the workplace. This helps to maintain a culture of excellence and provides guidance in our daily work. HHIT’s core values are:
- Do the right thing
- Be easy to work with
- Exceed expectations
- Serve humbly
- Never stop improving
- Assess IT security and risk across the company
- Plan and execute regular and ad-hoc security audits and assessments, including vulnerability scans, penetration tests, and compliance reviews (e.g., SOC 2, ISO 27001, HITRUST).
- Understand and interpret security frameworks (e.g., NIST Cybersecurity Framework, CIS Controls) and translate them into actionable procedures and controls.
- Assess and facilitate third-party risk management procedures
- Assist in the implementation and maintenance of security controls within the organization.
- Prepare and present comprehensive audit reports to management and relevant stakeholders.
- Communicate audit findings and recommendations effectively both verbally and in writing.
- Maintain accurate and up-to-date documentation of all audit activities.
- Administer the security and risk training curriculum for the entire company, focusing on areas of greatest opportunity for improvement, and facilitate phishing campaigns
- Continuously monitor and evaluate the effectiveness of security controls.
- Stay abreast of emerging security threats and best practices.
- Promote awareness of applicable regulatory standards, upstream risks, and industry best practices across the company
- Other duties as assigned
- Excellent communication skills both written and spoken
- Knowledge of technical infrastructure, networks, databases, and systems in relation to IT security and IT risk
- Strong problem solving and analysis skills
- Strong interpersonal skills
- Excellent organizational skills and attention to detail
- Excellent time management skills
- Team player
- Drive to complete project work on time
- Ability to effectively prioritize and handle multiple tasks and projects
- Bachelor’s degree in Information Systems, Cybersecurity, Computer Science, Information Security, or related field; or equivalent experience
- 1-3 years of IT security or information security experience with a proven ability to engage with Senior Management
- 1 year of experience conducting IT compliance assessments, HITRUST preferred
- Experience with HITRUST and HIPAA audit and compliance measures is highly preferred.
- Prior experience performing security reviews and risk assessments preferred
- Relevant security certifications (e.g., CISSP, CISA, CISM, CRISC) are a plus.
- Willing and ready to exemplify HHIT’s core values on a daily basis
- Responsible for protecting data entrusted to HHIT by customers or other parties by strictly adhering to HHIT’s data security and privacy policies and procedures, as well as HIPAA, PIPEDA and all other applicable law.
- Speaking and writing English is a requirement for this position
- Must be authorized to work in the United States
- Prolonged periods sitting at a desk and working on a computer
- Must be able to lift up to 15 pounds at times