Salary
💰 $110,000 - $140,000 per year
About the role
- Serve as a key subject matter expert (SME) for governance, risk, and compliance within Imagine Pediatrics' information security team.
- Support the implementation and ongoing program management for HITRUST r2 certification.
- Maintain Imagine Pediatrics' security policies, standards, and procedures.
- Lead and enhance the third-party/vendor risk management program.
- Administer the security GRC toolset, including the enterprise risk register.
- Coordinate and drive internal security risk assessments and auditing activities.
- Collaborate with business and clinical teams to ensure effective ePHI management.
- Respond to third-party security and privacy diligence requests.
- Work with external auditors and partners on security certifications and attestations.
Requirements
- BS degree in computing, information security, or a related field. MS degree preferred.
- 5+ years of information security GRC or audit experience accepted in lieu of a degree.
- Strong experience implementing and maintaining a HITRUST r2 program.
- Working knowledge of healthcare industry security and privacy regulations (HIPAA, HITECH).
- Experience with SOC 2, ISO 27001, and NIST security frameworks.
- Industry certifications preferred, such as CRISC, CISA, CISM, or ISO 27001 Lead Auditor.
- Prior experience supporting security in healthcare companies.
- Experience with compliance automation tools like Hyperproof, Drata or Vanta is a plus.
- Highly organized, motivated, and capable of working independently as a self-starter.
- Excellent communication skills, with the ability to translate complex compliance requirements for technical and business audiences.