About The Position

Your Role

This role supports Stellarus within the Ascendiun Family of Companies. The Risk Management & Controls Assurance team delivers actionable insights by quantifying IT and business risk to increase resilience while driving a security culture. We are seeking an Information Security Risk & Governance Specialist who will report to the Senior Manager. The successful candidate will be a highly experienced and proactive professional who leads regulatory compliance initiatives across the organization, with a focus on healthcare and technology-related standards. This senior individual contributor will be responsible for overseeing assessments and audits related to HIPAA, PCI-DSS, SOC 2, and other applicable frameworks, ensuring the organization maintains a strong security posture and meets all regulatory obligations. Our leadership model is about developing great leaders at all levels and creating opportunities for our people to grow – personally, professionally, and financially. We are looking for leaders who are energized by creative and critical thinking, building and sustaining high-performing teams, getting results the right way, and fostering continuous learning.

Requirements

  • Requires a bachelor's degree or equivalent experience
  • Requires at least 10 years of prior relevant experience
  • Experience partnering with all levels of management required
  • Driven, energetic, team player with superior oral and written communication skills
  • Strong analytical, organizational, and project management skills
  • Requires deep understanding of IT control frameworks; Artificial Intelligence Risk Management Framework is strongly preferred

Nice To Haves

  • Experience in portfolio management, preferably within an Agile or SAFe environment, JIRA experience a plus
  • One or more of the following certifications desired: CRISC (Certified in Risk and Information Systems Control), CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional)

Responsibilities

Regulatory Program Leadership

  • Serve as the primary point of contact for external audits, assessments, and regulatory inquiries.
  • Develop and maintain compliance documentation, including policies, procedures, control matrices, and evidence repositories.
  • Build, plan, and lead required assessments to comply with mandates and certifications (HIPAA, PCI DSS, SOC 2 Type 2, etc.).

Assessment & Audit Management

  • Conduct internal gap analyses and risk assessments to identify areas of non-compliance or control weaknesses.
  • Track and report on audit findings, remediation efforts, and compliance status to senior leadership.

Cross-Functional Collaboration

  • Partner with teams across the enterprise to ensure alignment with regulatory requirements and enterprise risk objectives.
  • Provide subject matter expertise during product development, vendor onboarding, and system implementations to ensure compliance is embedded in processes.

Policy & Control Frameworks

  • Partner to maintain and enhance internal control frameworks aligned with regulatory standards and industry best practices (e.g., NIST, HITRUST, ISO 27001).
  • Partner to ensure policies and procedures are up to date and reflect current regulatory expectations and organizational practices.

Monitoring & Reporting

  • Implement continuous monitoring processes for key compliance controls, findings, and mitigation plans.
  • Prepare and present compliance metrics, dashboards, and executive summaries to leadership and governance committees.


What This Job Offers

Job Type: Full-time

Career Level: Principal

Number of Employees: 5,001-10,000 employees
