Senior Security Compliance Advisor

at Fortified Health Security

Remote, Oregon, USA

Start Date: Immediate
Expiry Date: 10 Nov, 2024
Salary: Not Specified
Posted On: 11 Aug, 2024
Experience: 7 year(s) or above
Skills: Cisa, Cobit, Strategic Planning, Assessment, Construction, Risk Tolerance, Security Certification, Program Management, Cissp, Ccsp, Travel, Chp, Chps, Business Continuity Planning, Action Plan Development, Security Consulting, Cs, Hitrust, Hipaa, Incident Response, Giac
Telecommute: No
Sponsor Visa: No
Required Visa Status:
Citizen, GC, US Citizen, Student Visa, H1B, CPT, OPT, H4 Spouse of H1B, GC Green Card
Employment Type:
Full Time, Part Time, Permanent, Independent - 1099, Contract – W2, C2H Independent, C2H W2, Contract – Corp 2 Corp, Contract to Hire – Corp 2 Corp

Description:

JOB SUMMARY

Under the general direction of the Manager, Risk Assessment, the Senior Security Compliance Advisor is responsible for providing security and compliance assessment and consulting services to Fortified Healthcare clients. This position requires a strong working knowledge of information security governance and compliance frameworks, standards, laws, regulations, and protocols. The role includes responsibilities in project management, information security assessment, and client security consulting on all matters related to the protection and regulatory compliance of patient health information.

KNOWLEDGE & SKILLS

Education & Experience

  • Bachelor’s degree in CS / MIS or equivalent experience preferred.
  • 7+ years of information security consulting, assessment, and governance, risk, and compliance experience required.
  • Cybersecurity experience in healthcare preferred.
  • Company-wide Information Security Strategy and Strategic Planning.
  • Cybersecurity Remediation and Corrective Action Plan development and implementation.
  • Disaster and Business Continuity planning, construction, and review.
  • Training and Awareness program strategies and planning.
  • Risk tolerance, exposure, and overall program management.
  • Risk tolerance measurement and the knowledge to provide strategies that satisfy clients’ exposure thresholds.
  • Potential and emerging threats and vulnerabilities, and the techniques used to control them, such as technical, physical, and administrative controls.
  • Incident Response and Breach Investigation planning, construction, and implementation.
  • Security Standards, Architectures, Frameworks and Best Practices such as ISO27001/27002, NIST Cybersecurity, COBIT, and PCI DSS.
  • International, Federal, and State regulatory and compliance requirements such as HIPAA, SOX, and GDPR.

Special Skills & Knowledge

  • Strong communication skills, both written and oral, required.
  • Ability to multi-task, prioritize, and manage time effectively required.
  • High-energy self-starter who seeks to deliver excellence, no matter how small the project.

Licenses, Certifications, etc.

  • Security certification such as CISSP, CCSP, HITRUST, HCISPP, CISM, CISA, CEH, GIAC, CHP, or CHPS.

OTHER REQUIREMENTS

Supervisory Responsibility

  • N/A

Working Conditions & Travel Requirements

  • Travel as required, up to 25%.

Responsibilities:

  • Project management of assigned client projects, ensuring proper information flow, leveled expectations, and on-time deliverables.
  • Completion of on-site Information Security/Compliance assessments utilizing Fortified Healthcare Solutions tools and methodology.
  • Information Security/Compliance policy and process construction and/or guidance.
  • Maintaining working knowledge of healthcare security/compliance federal and state laws/regulations and third-party standards, including but not limited to HIPAA, HITECH, and HITRUST.
  • Ensuring the organization’s compliance with cybersecurity standards and practices, particularly those outlined in the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  • Providing high quality professional client information security/compliance support via conference calls, on-site meetings, and electronic communications.
  • Manage client expectations and facilitate client engagement through the course of the assessment.
  • Lead efforts to enhance current service lines or develop new client offerings with guidance and input from leadership and management.
  • Construction of Corrective Action Plans (Risk Management Plans) following each Security Risk Assessment. As requested by the client and agreed upon by Fortified, construction of documentation such as Policies, Procedures, and similar documents.
  • Identify opportunities within the client environment to reduce cybersecurity risks. Communicate opportunities internally to Fortified when applicable.
  • Client presentations to both technical and administrative audiences.
  • Must have solid foundational knowledge of, and understand output from, systems such as anti-malware, encryption, vulnerability scans, etc. Should have knowledge of how organizations use dashboards from the tools that are used to run hospital IT operations.
  • Strong experience with report writing and delivery based on the results of security assessments is required.


REQUIREMENT SUMMARY

Min: 7.0, Max: 12.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

CS / MIS or equivalent experience preferred

Proficient

1

Remote, USA