About The Position

Become a part of our caring community and help us put health first.

Job Description Summary

Do you thrive on rethinking routine? Do you crave identifying areas of opportunity to strengthen a company’s cybersecurity posture? Humana is looking for an experienced IT Compliance professional to join our Governance, Risk, and Compliance (GRC) team. In this role, you will enhance GRC processes, identify areas for improvement, and promote best practices across the organization. You will help shape Humana’s risk culture, strengthen Security Governance, and support accountability for security practices. This position provides the opportunity to influence cybersecurity at a Fortune 40 company and support the ongoing advancement of our security program.

Requirements

  • Our Department of Defense contract requires U.S. citizenship for this position
  • Successfully receive interim approval for government security clearance (NBIS – National Background Investigation)
  • 4 or more years of technical experience
  • 4 or more years of Governance, Risk and Compliance and audit management experience
  • 3 or more years of experience developing Objectives and Key Results (OKRs) and/or Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs)
  • 1 or more years of Artificial Intelligence Governance experience
  • Working knowledge of the HIPAA Security Rule, FedRAMP, cloud platforms, the NIST AI Risk Management Framework, and integrating compliance requirements with new and existing technologies
  • Dynamic communication, collaboration, and conflict management skills to establish and maintain relationships with business leaders, customers, and third parties
  • Detail-oriented with solid organizational, project/audit management and issue resolution skills
  • Must be passionate about contributing to an organization focused on continuously improving consumer experiences
  • Prior demonstrated experience with process improvement or process design

Nice To Haves

  • Bachelor's Degree in Information Technology, Computer Science, or a related field
  • Holds one or more of the following certifications: CRISC, CISM, CISSP, or CGRC
  • Strong familiarity with Cybersecurity Maturity Model Certification (CMMC), NIST Special Publication 800-171: Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations, and DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting
  • Strong familiarity with NIST Special Publication 800-53: Guide for Assessing Security Controls in Federal Information Systems and Organizations, and FISMA
  • Prior experience working as a federal government contractor supporting technical and GRC initiatives

Responsibilities

  • Independently conduct comprehensive audits and assessments on complex new and existing information systems applications to ensure that appropriate controls exist, that processing is efficient and accurate, and that information systems procedures are in compliance with corporate standards, industry best standards, and contractual requirements.
  • Apply in-depth knowledge and skills to develop and analyze metrics (Key Performance Indicators, Key Risk Indicators, etc.) and trend reports that monitor control effectiveness and compliance maturity over time.
  • Proactively address problems and regularly make technical recommendations, drawing on prior experience or knowledge of best practices, to improve processes and tools that can impact multiple functions.
  • Determine methods, priorities, and timelines to orchestrate cross-functional risk assessments, identify control gaps and risks in information systems, and coordinate with stakeholders to recommend, drive, and monitor remediation.
  • Work with enterprise-wide IT partners to advise and ensure adherence to compliance requirements throughout system implementations and enhancements, influencing design and execution to meet regulatory and organizational standards and strategy.
  • Address technical architecture and design configuration issues by applying sound judgment and discretion, interpreting policies, and determining appropriate methods, priorities, and approaches to work.
  • Ensure compliance with federal and state laws, HIPAA Security Rule, DoD, VA, and TRICARE regulations and Humana’s technology practices.
  • Cultivate and maintain strategic partnerships with essential stakeholders in Third Party Risk Management to track and advise on risk remediation of vendors and subcontractors.
  • Manage and track the remediation of application security vulnerabilities and penetration testing findings, ensuring all issues are addressed efficiently from initial identification through to final resolution.
  • Proactively conduct thorough IT audits and assessments against established compliance frameworks, identifying areas for process improvement to ensure organizational readiness for future departmental and business opportunities.
  • Manage all aspects of external audit activities, including preparation, auditor coordination, evidence management, and remediation tracking.
  • Support the AI governance effort and perform formal assessments against the NIST AI Risk Management Framework of AI use cases to identify, evaluate, and manage the mitigation of ethical, security, and compliance risks.

Benefits

  • Humana provides medical, dental and vision benefits, 401(k) retirement savings plan, time off (including paid time off, company and personal holidays, volunteer time off, paid parental and caregiver leave), short-term and long-term disability, life insurance and many other opportunities.