Security Compliance Advisor

Job Summary

Under the general direction of the Manager, Risk Assessment, the Security Compliance Advisor is responsible for providing security/compliance assessment and consulting services to our Healthcare clients.  This position requires a working knowledge of information security frameworks, standards, laws, regulations, and protocols. The role includes responsibilities in project management, information security assessment, and client consulting on all matters related to the protection and regulatory compliance of patient health information.

Essential Job Functions

The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.

·      Manage assigned client projects, ensuring clear communication, managed expectations, and timely deliverables. 

·      Conduct on-site Information Security and Compliance assessments using Fortified Healthcare tools and methodology. 

·      Develop or provide guidance on Information Security and Compliance policies and processes. 

·      Maintaining working knowledge of healthcare security/compliance federal, state laws/regulations and third-party standards; including but not limited to HIPAA, HITECH, and HITRUST. 

·      Ensure the organization's adherence to cybersecurity standards and practices, particularly the HIPAA Security Rule and NIST Cybersecurity Framework. 

·      Deliver high-quality, professional client support in information security and compliance via conference calls, on-site meetings, and electronic communications. 

·      Manage client expectations and facilitate engagement throughout the assessment process. 

·      Contribute to enhancing current services or developing new client offerings with leadership input and guidance. 

·      Develop Corrective Action Plans (Risk Management Plans) following Security Risk Assessments. As agreed upon, develop client-requested documentation such as Policies, Procedures, and similar materials. 

·      Identify opportunities within client environments to reduce cybersecurity risks and communicate these internally when applicable. 

·      Client presentations to both technical and administrative audiences. 

·      Must have solid foundational knowledge and understand output from systems such as endpoint protection, encryption, vulnerability scans, etc. Should have knowledge of how organizations use dashboards from tools that are used to run hospital IT operations. 

·      Experience with report writing and delivery based on results of security assessments is required. 

·      Knowledge & Skills

Education & Experience

·      Bachelor's degree in Cybersecurity, Information Systems, or equivalent experience preferred. 

·      Minimum of 5 years of experience in information security consulting, assessment, governance, risk, and compliance required. 

·      Prior cybersecurity experience within the healthcare industry preferred. 

·      Company-wide information Security Strategy and Strategic Planning. 

·      Cybersecurity Remediation and Corrective Action Plan development and implementation. 

·      Disaster and Business Continuity planning, construction, and review. 

·      Training and Awareness program strategies and planning. 

·      Risk tolerance, exposure, and overall program management. 

·      Risk tolerance measurement and knowledge to provide strategies to satisfy client’s exposure thresholds. 

·      Knowledge of potential and emerging threats, vulnerabilities, and techniques used to control such as technical, physical, and administrative controls. 

·      Incident Response and Breach Investigation planning, construction, and implementation. 

·      Security Standards, Architectures, Frameworks and Best Practices such as ISO27001/27002, NIST Cybersecurity, COBIT, and PCI DSS. 

·      Knowledge of International, Federal, and State regulatory and compliance requirements such as HIPAA, SOX, and GDPR. 

Special Skills & Knowledge

·      Strong written and verbal communication skills required. 

·      Proven ability to multitask, prioritize, and manage time effectively in a remote setting. 

·      Highly motivated self-starter with a drive to deliver excellence in all tasks 

Licenses, Certifications, etc.

·      Security certification such as Security+, CISSP, CCSP, HITRUST, HCISPP, CISM, CISA, CEH, GIAC, CHP, CHPS are preferred. 

Requirements

Working Conditions & Travel Requirements

·      Travel as required, up to 25%.  

·      Valid driver's license 

·      A quiet, professional workspace with a reliable high-speed internet connection 

Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.