Sr. Security Specialist - Compliance

at  Ascension

JOB SUMMARY:

The Sr Security Specialist will be responsible for overseeing compliance initiatives, managing cybersecurity risk, and ensuring that our company meets industry standards and regulatory requirements.As the Cybersecurity Compliance Lead, you will be responsible for managing and executing cybersecurity compliance programs across the organization. This includes ensuring adherence to industry frameworks (such as NIST, ISO 27001, SOC 2), regulatory requirements (such as GDPR, HIPAA, CCPA), and internal policies. In this role, you will be responsible for leading and overseeing our cybersecurity compliance efforts across all company systems, ensuring adherence to industry standards and regulations, and working closely with internal teams and external auditors to maintain a robust security posture.
As the Cybersecurity Compliance Sr Specialist, you will be integral to the development, implementation, and maintenance of cybersecurity policies, frameworks, and processes that support a secure and compliant environment. This is an exciting opportunity for someone with deep expertise in cybersecurity, risk management, and regulatory compliance to shape and guide our organization’s security strategy.

EXPERIENCE:

• 8+ years of experience in cybersecurity compliance, risk management, or related fields.Strong knowledge of cybersecurity regulations, frameworks, and industry standards (e.g., NIST CSF, ISO 27001, SOC 2, HIPAA, PCI-DSS).
• Proven track record in leading audits, assessments, and compliance efforts for large-scale organizations.

SKILLS & ABILITIES:

• Expertise in cybersecurity governance, risk, and compliance (GRC) processes.
• Strong analytical skills with the ability to assess and interpret complex regulatory requirements.
• Excellent communication and leadership skills, with the ability to collaborate across departments and with external auditors.
• Ability to prioritize and manage multiple compliance initiatives simultaneously.

TECHNICAL SKILLS:

• Familiarity with GRC tools and platforms
• Understanding of IT systems, cloud security, data privacy, and related technologies.

PREFERRED QUALIFICATIONS:

• Certifications such as CISSP, CISM, CISA, CRISC, or similar are highly desirable. If a candidate does not currently have a security certification, one must be obtained within the first 6 months of employment.
• Experience working in highly regulated industries such as healthcare, finance, or government is a plus.

REQUIREMENTS

Education:

• High School diploma equivalency with 2 years of cumulative experience OR Associate’s degree/Bachelor’s degree with 1 year of experience OR 5 years of applicable cumulative job specific experience required. 2 years of leadership or management experience preferred.

WHY JOIN OUR TEAM

When you join Ascension, you join a team of over 134,000 individuals across the country committed to a Mission of serving others and providing compassionate, personalized care to all. Our inclusive culture, continuing education programs, career coaches and benefit offerings are just a few of the resources and tools that team members can use to create a rewarding career path. In fact, Ascension spent nearly $46 million in tuition assistance alone to support associate growth and development. If you are looking for a career where you can grow and make a difference in your community, we invite you to join our team today.

KEY RESPONSIBILITIES:

• Compliance Management:
• Lead efforts to ensure compliance with key cybersecurity regulations and frameworks, such as MITRE attack, NIST, HIPAA, PCI-DSS, SOC 2, ISO 27001, and others.
• Coordinate audits and assessments with internal and external auditors to validate compliance with cybersecurity policies and regulatory requirements.
• Identify gaps in compliance and lead remediation efforts to address deficiencies.
• Policy and Framework Development:
• Develop, implement, and maintain cybersecurity policies and procedures in alignment with best practices and regulatory standards.
• Stay current on cybersecurity laws, regulations, and industry trends to ensure the organization remains compliant with evolving requirements.
• Risk Management:
• Conduct risk assessments and support the development of risk management strategies to reduce security risks.
• Work closely with AT, legal, and other departments to assess, document, and mitigate risks related to cybersecurity compliance.
• Training and Awareness:
• Provide training and awareness programs for employees to ensure an understanding of cybersecurity compliance requirements and best practices.
• Serve as the primary point of contact for internal and external stakeholders regarding cybersecurity compliance inquiries.
• Reporting and Documentation:
• Prepare and deliver reports on cybersecurity compliance status, audit findings, and remediation efforts to executive leadership.
• Maintain comprehensive documentation of compliance efforts, audit results, and corrective actions.