Security and Compliance Manager

About The Position

Requirements

• Bachelor’s degree in Security Administration, Information Systems, Information Security, Computer Science, Biological or Health Sciences, law or related field.
• At least three (3) years working within healthcare industry or federal health agency (e.g. hospital, federal government).
• At least two (2) years’ experience with privacy or compliance within regulated environments (e.g. federal government, HIPAA, FISMA, ITAR etc.).
• Previous supervisory experience in a similar environment.
• Strong interpersonal and excellent written and verbal communication skills.
• Organized, with strong attention to detail.
• Ability to handle multiple simultaneous tasks and effectively.
• Able to work independently, self-starter.
• Ability to communicate effectively, both in writing and orally.
• Ability to establish and maintain effective working relationships with employees at all levels throughout the institution.
• Demonstrated commitment and leadership ability to advance diversity and inclusion.
• Attention to detail and accuracy, with strong analytical and critical thinking skills.
• Demonstrated effectiveness in a complex organizational environment

Nice To Haves

• Masters or doctorate degree in security administration, information systems, information security, computer science, biological or health sciences, law, or related field.
• A Juris Doctor or Doctorate degree in security administration, information systems, information security, computer science, biological or health sciences, law, or related field.
• Experience with NIST 800-53, NIST 800-171 or ISO 27000 frameworks.
• Experience with DICOM - PACS deidentification and compliance

Responsibilities

• Under the supervision of the DFA, work with Compass staff to support the HIPAA compliance program for Compass cloud systems, including researching, justifying, and documenting compliance controls.
• Develop and update applicable system and compliance policies and procedures.
• Draft, update, and evaluate internal and external contracts and agreements, including but not limited to: memorandums of understandings (MOUs), business associate agreements (BAAs), statements of work (SOWs), or master service agreements (MSAs).
• Coordinate processes for data request delivery with the Security and Compliance Committee including reviewing, editing, modifying, validating documentation to match Internal Review Board (IRB) documentation, and coordinate follow up between data owners, requestors/customers, data analysts, and Business Intelligence (BI) developers.
• Manage security and compliance activities, including vulnerability scans and penetration tests, analysis and risk justification of findings, and responding to incidents and issues.
• Provide security and compliance input and feedback to Compass management and engineers for technical designs and strategies in support of cloud technology, data warehouse, and infrastructure platforms.
• Analyze and document risk analysis and risk assessments for system, architecture designs, applications, or software for use within Health Data Compass (HDC).
• Lead, investigate, and document security and privacy incidents, as needed, in accordance with Compass policies and procedures.
• Manage, coach, and mentor Compass Staff and students to develop professionally, while ensuring goals and performance expectations are met.

Benefits

• Medical: Multiple plan options
• Dental: Multiple plan options
• Additional Insurance: Disability, Life, Vision
• Retirement 401(a) Plan: Employer contributes 10%25 of your gross pay
• Paid Time Off: Accruals over the year
• Vacation Days: 22/year (maximum accrual 352 hours)
• Sick Days: 15/year (unlimited maximum accrual)
• Holiday Days: 10/year
• Tuition Benefit: Employees have access to this benefit on all CU campuses
• ECO Pass: Reduced rate RTD Bus and light rail service