Senior Manager Information Technology Compliance–Health Care Technology
Our client is changing the way our healthcare providers operate. This opportunity is an important position that supports their growth and business support.
· This role provides assurance and risk-based consulting to the Information Technology compliance program, including the Security, SOX, PCI and Privacy Programs. This entails developing testing programs to provide feedback to various members of management, including the Senior Leadership team. The position requires collaborating with IT security to develop metrics and test performance to provide independent verification of the health of various programs. The position also partners with Management on privacy programs, including assisting in developing programs for any newly passed legislation.
· Ongoing duties include continuing to develop IT SOX programs, conducting testing to ensure compliance with Sarbanes-Oxley, working with external auditors as needed and giving feedback to Management on the design of programs. This requires performing risk-based audits, including pre-implementation reviews and ongoing testing on the PCI program, as well as providing risk-based feedback to help the organization meet long-term objectives.
· Demonstrates clear communication throughout the organization and becomes an effective partner with IT and business leadership.
· Performs ongoing risk assessments and discusses vulnerabilities with various members of Management.
· 8 plus years’ experience in IT Security or IT Audit required.
· 5 plus years testing compliance programs either in public accounting, consulting or at a public company (preferably in a retail environment) including SOX, IT Audits, and Security testing preferred.
· 2+ years’ experience with testing PCI programs (ISA, QSA or other comparable experience) is necessary.
· CISA required. CISSP or CISM preferred.
· Knowledge of IT frameworks is required, including NIST, PCI, and SOX.
· Knowledge of security best practices (design, data protection, networks, encryption, access, threat intelligence, etc.) is necessary; experience with Privacy Programs including GDPR and CCPA is needed.