Compliance Manager (Contract Position)

Truveta

Job Description

Responsibilities will include:

  • Developing and overseeing a large inventory of business and technology-related control systems aligned with legal guidelines, internal policies and procedures, and new and future certifications and attestations, i.e., ISO 27001, ISO 27018, ISO 27701, Type 2 SOC 2, and HITRUST.
  • Designated responsibility for performing key compliance rhythm-of-business activities that must be kept to committed timelines, e.g., controls testing, remediations, risk exceptions, information security and privacy intake requests, and risk tracking
  • Standing up and maintaining internal technical controls to support security and privacy, e.g., identity management, user access, data integrity, change management, physical and logical security, privacy related to data controller and processor, and system development life cycle (SDLC) controls
  • Analyzing and rationalizing targeted certification standard requirements and control gaps
  • Effectively communicating the intent of certification standards to technical and non-technical control owners and performers
  • Writing technical security and privacy-related risk statements, control statements, control execution steps, and suggested evidence to properly support certification requirements
  • Staging and coaching control owners and performers for successful audit walkthroughs
  • Testing controls and identifying gaps requiring remediation
  • Implementing and maintaining compliance automation tools
  • Analyzing internal and vendor business systems to ensure compliance with industry regulations and ethical standards
  • Creating, modifying, updating, and assisting as needed with implementing Truveta policies and procedures
  • Developing risk management strategies and performing risk assessments according to Truveta’s methodology
  • Designing ongoing relevant security and privacy-related training programs for employees of the business
  • Liaising with other departmental heads to ensure all business operations are in line with business policies and procedures
  • Advising mid- and senior management on business operations related to investment, business objectives, certifications and attestations, risks, and other policy and procedure development.

Key Qualifications

  • Bachelor’s or higher degree supplemented by training
  • 5 plus years of experience as an IT Auditor in internal or external auditing or compliance
  • Report onsite to Bellevue, WA as required
  • Direct experience with regulated e-PHI and/or PII data including HIPAA requirements for organizations classed as technology business associates, FDA 21 CFR Part 11 requirements, and relevant certifications and attestations, i.e., ISO 27001, 27018, 27701, Type 2 SOC 2, and HITRUST
  • Experience performing HITRUST readiness self-assessments or validated assessments for a healthcare business associate organization
  • Ability to effectively translate ISO, SOC 2, and HITRUST requirements to engineering and non-engineering stakeholders
  • Strong experience and knowledge of cloud technology and engineering industry processes and regulations
  • Proven bench strength in defining and performing technology and business risk assessments, defining control design, and measuring and monitoring control operating effectiveness
  • Outstanding written and verbal communication and interpersonal abilities
  • An analytical and critical-thinking mindset with excellent organizational and programmatic skills
  • Proficiency in productivity tools such as Microsoft Word, Excel, and PowerPoint and the ability to learn and adopt other collaborative tools
  • Ability to work effectively and accurately and to take accountability for critical compliance timelines
  • Prefer career training and experience as IT Auditor, internal or external auditor or compliance consultant with healthcare data
  • Pluses: current or past certification as CISA, CIA, CRISC, CISSP, CIPT, HITRUST CCSFP, or related disciplines; big four experience.

Why Truveta?

Be a part of building something special. Now is the perfect time to join Truveta. We have strong, established leadership with decades of success. We are well-funded. We are building a culture that prioritizes people and their passions across personal, professional, and everything in between. Join us as we build an amazing company together.

We offer:

  • Interesting and meaningful work for every career stage
  • The hourly pay for this position is $65-$90 per hour. The pay range reflects the minimum and maximum target. Pay is based on several factors including location and may vary depending on job-related knowledge, skills, and experience. Certain roles are eligible for additional compensation such as incentive pay and stock options.

Company Info.

Truveta

Truveta's mission is to enable researchers to find cures faster, empower every clinician to be an expert, and help families make the most informed decisions about their care.


Truveta is currently hiring for Application Compliance Engineer jobs in Seattle, WA, USA, with an average base salary of $65 - $90 / Hour.
