IT Compliance Program Manager

About The Position

Requirements

• 5+ years of experience in Information Security Compliance, IT Risk, IT Audit, or Internal Audit roles.
• Hands-on experience supporting or coordinating HITRUST assessments or similar security assurance programs, including readiness, evidence management, and assessor interaction.
• Experience working in healthcare, life sciences, or healthcare-regulated environments.
• Strong working knowledge of HIPAA Security and Privacy Rules and healthcare regulatory expectations.
• Experience conducting third-party/vendor security risk assessments.
• Working knowledge of NIST 800-53, NIST CSF and ISO/IEC 27001 frameworks.
• Ability to understand and assess technical controls related to IAM, logging/monitoring, endpoint security, vulnerability management, and cloud infrastructure.
• Working knowledge of security tools such as SIEM, endpoint protection, IAM, DLP, and cloud security platforms.
• Strong documentation, prioritization, and stakeholder communication skills.
• Excellent documentation, organizational, and stakeholder communication skills.
• Bachelor’s degree in Cybersecurity, Information Systems, Health Information Management, or a related field (or equivalent experience).

Nice To Haves

• Progress toward, or intent to pursue, industry-recognized certifications such as CISA, HCISPP, HITRUST CCSFP, or CISSP.
• Experience supporting risk or compliance assessments in cloud environments (e.g., AWS, Azure, or GCP).
• Familiarity with GRC platforms used for audit tracking, evidence management, and risk workflows (e.g., AuditBoard or similar tools).

Responsibilities

• Execute HITRUST CSF audit readiness and sustainment activities under the direction of Information Security Compliance leadership.
• Perform control evidence collection, validation, and documentation to support HITRUST assessments and ongoing compliance.
• Assist with control design and operating effectiveness testing, documenting results in alignment with HITRUST assessment requirements.
• Support coordination with internal teams to obtain timely, accurate audit evidence.
• Maintain organized and up-to-date audit documentation and evidence repositories to support continuous readiness.
• Track assigned audit findings, corrective action plans (CAPs), and remediation evidence through closure.
• Support third-party/vendor security risk assessments for vendors handling PII/PHI/ePHI or supporting regulated systems.
• Review vendor documentation, including SOC 2 Type II reports, HITRUST certifications, ISO/IEC 27001 attestations, and security questionnaires.
• Document identified control gaps, risks, and remediation actions in accordance with internal TPRM procedures.
• Assist with vendor follow-ups, evidence collection, and reassessments as required.
• Help maintain vendor risk records and compliance tracking to support audits and regulatory inquiries.
• Execute day-to-day compliance activities aligned to HITRUST CSF, HIPAA, PCI Requirements
• Translate technical security implementations into clear, audit-ready documentation and control evidence.
• Support maintenance of policies, procedures, and control narratives to reflect current operational practices.
• Assist with cross-framework mappings and evidence reuse efforts to improve efficiency and consistency.
• Identify and escalate compliance gaps or documentation issues to Information Security Compliance leadership.