Information Security and Compliance Director (HiTrust/SOC2) - Remote

Overview

Remote
$60 - $80
Contract - Independent
Contract - 3 Month(s)
No Travel Required

Skills

HiTrust
HIPAA
SOC2
DLP
NIST

Job Details

We are seeking a self-starter, individual contributor to work across technical, legal, and business stakeholders to ensure that systems across the Organization are aligned with current information security standards. This role will manage the compliance program, provide policies, guidance and strategic direction to the entire technology group.

Primary Responsibilities:

  • Work independently to manage the company's information security program, including policies, standards and procedures.
  • Provide security awareness, education, and training based on industry best practices and internal policies.
  • Direct Vulnerability Management - scanning for vulnerabilities and contributing to remediation efforts. Follow up on Pentest results.
  • Monitor compliance with security standards and execute information security risk assessment, including SOC2, HiTrust.
  • Provide security and compliance frameworks.
  • Monitor and drive compliance efforts corporate-wide.
  • Maintain awareness of trends in the latest cloud technologies, security regulations, and operational requirements, and advise across the business.
  • Work with internal departments in the organization to reduce risk and with external clients to explain security posture.
  • Coordinate compliance/privacy/process audits with external vendors, manage and address findings and act as a SME to guide the process internally.
  • Participate in vendor security review process - both for internal vendors and external prospects.
  • Participate in prospect security-related review process, including completing information security questionnaires for sales RFPs and participating on sales calls for security due diligence.
  • Provide threat analysis of emerging vulnerabilities.
  • Knowledge of WAFs and IDS solutions.
  • Participate in Risk Management and mitigation efforts.
  • Participate in SDLC software hardening.
  • Disseminate corporate security and compliance training.
  • Work with outside vendors to manage security monitoring.
  • Manage SIEM alerts and tuning.
  • Lead forensic efforts in the resolution of security incidents. Must perform network, application, and log correlation, analysis, and alerts.

Requirements

  • Experience implementing and managing compliance with HIPAA, SOC2 & HiTrust; familiarity with applicable legal / regulatory requirements for HIPAA and GDPR.
  • Excellent communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical stakeholders.
  • Knowledge of Data Loss Prevention (DLP) implementation and management.
  • In-depth HIPAA Compliance experience is required.
  • Knowledge of Azure cloud.
  • Bachelor's degree in Information Security, Computer Science, or a related field is required (Master's degree preferred).
  • Knowledge of NIST (National Institute of Standards and Technology) cybersecurity framework is preferred.