Compliance and Privacy Specialist

Compliance and Privacy Specialist
Department: General & Administrative
Employment Type: Full Time
Location: Cambridge, MA
Description
When you join our family, you will have a significant impact on the health and well-being of people across the globe. We work together to do good and bring new, innovative healthcare solutions to market. If you are enthusiastic about protecting the company, our clients, and all personal information by ensuring we comply with all the required regulatory requirements, this position may be a good fit for you. If you can translate business drivers and priorities into a compliance framework and plan, understand how to balance compliance risks and business priorities and develop appropriate mitigations strategies when needed, and the ability to articulate the criticality of compliance, then your skills may play a key role in the work we perform. In return, we will assist you in building a career that you can feel enthusiastic about.
You will be responsible for compliance of applicable laws and regulations in each authority in which the company operates. As a Compliance and Privacy Specialist at Iterative Scopes you will be reporting to the Director, Data Privacy and Compliance. You will collaborate with all reams within Iterative Scopes to ensure compliance, determine risks and gaps and compliance awareness. You will be part of a small privacy and compliance team, not only performing the key compliance responsibilities but also contributing to the overall privacy and compliance goals and roadmap. This is a terrific opportunity for an individual that wants to be part of the team that builds out the overall privacy and compliance program as Iterative Scopes continue to grow.
Key Responsibilities

• Policy Management: Manages the company's global compliance framework and program process, including reviewing all new and/or updated global corporate policies for compliance with company requirements, coordinating the review and approval of all global corporate policies and ensuring timely publishing of global policies.
  • Implementation, ongoing management, and continued improvement, of the company's global compliance program.
  • Ensuring standard and controls are well documented, understood, and adhered to.
  • Develop policies, standards and controls where required and provide expertise to other teams where required.
• Risk Assessment, Monitoring, and Auditing: Assists with Compliance risk assessment, monitoring, and auditing activities, including supporting company's compliance and ethics risk assessment process, identifying, and tracking key metrics, compiling trend analysis reports, and remaining current on key compliance and ethics developments. Track risk mitigation plans.
• Reporting and Issue Management: Assist in addressing compliance and ethics-related reports or concerns, maintaining the compliance case management, and conducting appropriate follow-up activities in consultation with the Director, Privacy and Compliance.
• Function as a subject matter expert on global compliance and assist with issues and concerns.
• Document, track and distribute all compliance related metrics as requested.
• Assist in monitoring and assessing the impact of new and/or changing compliance laws, regulations, and Executive Orders.

Requirements & Competencies
Job Requirements

• Bachelor's degree (B.A./B.S.) or equivalent.
• Minimum of three (3) years of compliance and/or ethics professional experience.
• Experience with ethics and health care compliance, for example, HIPAA (Health Insurance Portability and Accountability Act), GCP (Good Clinical Practice), Anti-Kickback Statute (AKS), Physician Payments Sunshine Act ("Sunshine Act"), International compliance and privacy laws (Canada, EU).
• Experience in the life sciences or related industry sector preferred.
• Minimum of 2 years risk management and audit.
• Strong technical background.
• Use industry best practices for compliance and privacy.
• Healthcare related compliance and/or ethics certifications highly preferred but must have at least one (or plan to receive within one year of hire). Examples of preferred certs: CCEP, CCE/CCP/CHC, CHPC, CHRC, CRCM, CERP or equivalent certifications.
• Work well in a collaborative environment while also having autonomy and trust to solve problems and make decisions.
• Familiar with privacy and compliance platforms such as OneTrust, Matrix.
• Expert in GSuite and Windows Office products.

Core Competencies

• Strong organizational and project management skills (including project planning).
• Ability to think logically and creatively to find and present solutions to questions.
• Analytical skills and the ability to demonstrate critical thinking.
• Excellent quantitative skills necessary to extract and analyze both hard and soft data
• Ability to communicate effectively and build strong working partnerships with key stakeholders.
• Ability to navigate diverse business, cultural, and interpersonal environments.
• Ability to compose client-facing narrative responses to questions and concerns.
• Understanding of Iterative Scopes overall control environment.
• Ability to work effectively in a demanding environment.
• Initiative-taking and results oriented.
• Ability to smoothly transition between changing priorities and processes.
• This is a non-technical role; however, an understanding of information security policies, standards and controls is highly desirable. Previous firsthand technical experience in one or more of the following security control areas is preferred:
  • Breach and Incident Response
  • Privacy
  • Business Continuity, Disaster Recovery, Data Protection/Asset Management
  • Healthcare research operational best practices
  • Cyber Security Framework
  • Top 20 CIS Controls
  • Confidentiality, Integrity, and Availability
  • Identity & Access Management
• Previous firsthand experience in privacy regulations a huge plus, preferably in a highly regulated industry (Healthcare), with an understanding of the following, including, but not limited to:
  • HIPAA
  • GDPR, or other international privacy regulations
  • US State Privacy regulations
  • NIST 800-53 and NIST-Privacy
  • COBIT
  • ISO 27001
  • CIS Top 20

Benefits

• Vision/Dental/Medical Insurance
• Life/Disability Insurance
• Maternity/Paternity Leave
• Stock Options
• Flexible Work Hours
• Unlimited Paid Time Off
• Fun Workspace! (Standing Desks, Balance Boards, Ping Pong Table, Pick your own workstation set-ups!)
• Free Snacks and Drinks (Jura Espresso Maker + Snacks upon requests!)
• Free lunch on Fridays