Senior Security Compliance

Summary

As a Senior Professional Security Compliance at Gainwell, you can contribute your skills as we harness the power of technology to help our clients improve the health and well-being of the members they serve — a community’s most vulnerable. Connect your passion with purpose, teaming with people who thrive on finding innovative solutions to some of healthcare’s biggest challenges. Here are the details on this position.

Your role in our mission

Essential Job Functions

• Review and oversee vulnerability remediation by partnering with the various technical teams across platforms, applications, and operating systems.
• Review, capture and document IT and Security Risk. Document any exceptions, formally. Manages risks to closure and/or documented exceptions and follow through on managing exceptions to remediation deadlines.
• Support and manage ongoing security activities (access management, account reviews, vulnerabilities assessments, patch management, audits, etc.)
• Create, development and maintain all documentation supporting Information Security including: Security Management Plan, System Security Plan (SSP), IT Risk Management Plan, Security Incident Respond Plan
• Conduct and oversee periodic user access reviews with account business unit managers. Conduct monthly reviews of privileged, across all environments (Prod, Test, Dev, Staging, QA), server compliance and vulnerability reports for adherence to policy
• Design and implement repeatable, efficient processes for Information Security operations.
• Supporting AWS or other account or client cloud migrations.
• Collaborate between technology and business teams to drive proper implementation of security controls and compliance requirements.
• Enhance cyber security awareness by periodic employee awareness training.
• Work with the onsite trainer to conduct HIPAA new hire training for new hires and transfers from non-healthcare accounts.   
• Support and conduct full NIST risk assessments annually. 

What we're looking for

o

• Minimum of 4 years of combined experience in information security, risk management, compliance, technology audit, or a related field in healthcare.   
• Familiarity with the NIST Cybersecurity Framework
• Knowledge of regulatory compliance requirements including HIPAA/HITECH, ISO, SSAE16 / SSAE18, Safe Harbor.
• Professional certification such as CISSP, CISA, GSEC, etc. or related Information Security certifications, highly desired 
• State agency healthcare experience highly desired
• Cloud migration experience is highly desired  

What you should expect in this role

• Remote Opportunity 
• Opportunities to travel through your work (0-10%)
• Onsite OHIO as Hybrid remote