IT Compliance Manager

Are you passionate about making a difference in people's lives? Do you enjoy working in a service-oriented industry? If so, this opportunity may be the right fit for you!

POSITION SUMMARY

The Compliance Manger, IT Governance, Risk, & Compliance will be responsible to ensure compliance with legal and regulatory requirements, including but not limited to Sarbanes-Oxley, HITRUST, and HIPAA. This position will be responsible to document processes and gather evidence to support the accurate and timely execution of IT General Controls for all technology related functions. This includes managing timelines for the completion of audit activities and the related remediation utilizing POAM’s. Ability to organize, manage and follow up on a large scale of assigned activities across multiple teams. This role will require effective communication across the organization, and required collaboration with leadership and staff in the compliance, audit and IT organizations.

ESSENTIAL FUNCTIONS

• Audit
  • IT Control Execution
    • Creation, implementation and management of desktop policies, processes, and procedures to support internal and external audit control testing, including but not limited to; HIPAA, SOX, HITRUST, ISO 27000. 
    • Design and document internal control processes
    • Gather evidence related to IT General Controls
    • Analyze and improve processes related to ITGC testing to implement, measure and enforce IT Policy
  • Customer Audits – Ensures all customer compliance commitments are met at all times
  • IT GRC System – Design, implement, and optimize the system to monitor, assign and gather evidence for IT control execution
  • Provide reporting on control compliance to align with audit deadlines
  • Coordinate with other departmental managers to execute controls and review audit related findings
  • Internal Audit PBC - Responsible for all IT aspect of data collection for internal audit's PBCs, working with internal teams to produce accurate data, and assuring a full and comprehensive PBC
  • IT Control Testing & Control Health – Responsible for the timely completion of IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensures the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures
  • Customer Audits - Ensures all customer compliance commitments are met at all times, and supports all interactions with customer audits of our Program
  • Industry Audits - Supports all SOC 2, HITRUST, ISO 27000, etc. engagements & audits
  • Training – Conduct training and knowledge transfer on the execution of audit related control execution for end users and management
• Compliance
  • Regulatory Compliance - Responsible to lead team to gather evidence of the timely and accurate completion of controls for HIPAA, SOX, & ISO 27000 compliance. 
  • Remediation – Document, track and validate completion of remediation activities driven from findings and documented opportunities for improvement
  • Customer Compliance - Tracks key customer compliance requirements & performs customer compliance activities, such as periodically updating specific customers on specific security and compliance program performance items per a given customer's request, to ensure always-on compliance with our customer requirements
  • IT General Controls – Document process and procedure to ensure consistent timely completion of all control activities
• Governance
  • Policy Development – Assess and maintain Security Policy to align with a globally-accepted best practice framework, such as NIST 800-53 or ISO 27000
  • Training – Ensures IT staff are adequately trained to understand the risks & controls for which they are responsible
  • Reporting – Periodically reports metrics related to IT compliance management activities
  • OKRs & KPIs – Develops, monitors, regularly reports, and ensures adherence to OKRs & KPIs for IT risk management
• Risk Management
  • Vulnerability Management – Documents and enhances processes to identify, prioritize, and validate completion of remediation activities related to vulnerabilities
  • Patching – Documents and enhances processes to prioritize, remediate and validate patches for operating systems, applications, and hardware in the enterprise
  • Risk Management - Assist in the development & management of all IT POAMs
  • 3rd Party Assessment Program – Documents and enhances processes to assess Third Party vendors for risk, security posture, and alignment with IT Security Policies
  • Security Awareness – Measure and quantify risk to prioritize security awareness communications and training
• Leadership
  • Select, hire, and train Compliance Analysts
  • Coordinate daily, weekly, monthly activities to optimize resources
  • Drive accountability for completion of tasks on a timely basis
  • Provide feedback and career growth opportunities for members of the team

POSITION QUALIFICATIONS

Competency Statement(s)

• Collaboration - Outstanding team player, sociable, and able to operate easily in cross-functional and cross-departmental roles
• Project Management - Can assist in completing project related deliverables in a thorough and timely manner
• Adaptability - Must be able to react to shifting priorities and multitask
• Analytical Skills - Strong ability to use thinking and reasoning to solve a problem
• Communication, Oral - Excellent ability to communicate effectively with others using the spoken word
• Communication, Written - Excellent ability to communicate in writing, clearly and concisely
• Customer Oriented - Excellent ability to address the customers’ needs while following company procedures
• Decision Making - Ability to make critical decisions while following company procedures
• Detail Orientation – Thorough, accurate, organized and productive
• Interpersonal - Ability to get along well with a variety of personalities and individuals
• Organized – Arranges tasks and activities in a structured, systematic way
• Problem Solving - Excellent ability to find a solution for or to deal proactively with work-related problems
• Relationship Building - Ability to effectively build relationships with customers and co-workers
• Working Under Pressure - Driven ability to complete assigned tasks under stressful situations
• Flexibility - Sets priorities and adapts to changes in a quick, professional manner
• Thoroughness - Research, evaluate, recommend, and document IT GRC solutions
• Pragmatic Strategy - Understands & embraces a balance between security risk probability and practical application of remediation, and is outcome-oriented above all else

Education / Experience

• Bachelor’s Degree in Computer Science, Computer Engineering, or Information Security / Cyber Security, or combination of education, training, and 
• ISC(2) CISSP certificate preferred
• ITIL & GIAC or audit related (CISA/CIA/ISO Lead Auditor) certificates a plus
• Minimum 3 years of experience in a full-time Information Security compliance role

Skills

• Risk Management - Deep expertise in identifying, documenting, and managing qualitative risk.Expertise in quantitative risk, particularly in the FAIR model, is a significant plus.
• Audit Management - Strong understanding of normalized audit processes / methods, goals, motivations, and desired outcomes and organizational skills to ensure timelines are met.
• Compliance - Expertise in regulatory requirements and industry standards such as HIPAA, HITRUST, SOX, SOC, NIST CSF, NIST 800-53, ISO 27000.
• Governance - Can build and maintain easy to understand, easy to follow, and easy to audit policies, procedures, controls, narratives, and other common components of an enterprise IT GRC program.

WORK ENVIRONMENT

• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
• Entire work time is conducted in an office environment in a controlled atmosphere building.
• The noise level in the work environment is usually moderate

Modivcare’s positions are posted and open for applications for a minimum of 5 days. Positions may be posted for a maximum of 45 days dependent on the type of role, the number of roles, and the number of applications received. We encourage our prospective candidates to submit their application(s) expediently so as not to miss out on our opportunities. We frequently post new opportunities and encourage prospective candidates to check back often for new postings. 

We value our team members and realize the importance of benefits for you and your family.

Modivcare offers a comprehensive benefits package to include the following:

• Medical, Dental, and Vision insurance
• Employer Paid Basic Life Insurance and AD&D
• Voluntary Life Insurance (Employee/Spouse/Child)
• Health Care and Dependent Care Flexible Spending Accounts
• Pre-Tax and Post --Tax Commuter and Parking Benefits
• 401(k) Retirement Savings Plan with Company Match
• Paid Time Off
• Paid Parental Leave
• Short-Term and Long-Term Disability
• Tuition Reimbursement
• Employee Discounts (retail, hotel, food, restaurants, car rental and much more!)

Modivcare is an Equal Opportunity Employer.

• EEO is The Law - click here for more information
• Equal Opportunity Employer Minorities/Women/Protected Veterans/Disabled
• We consider all applicants for employment without regard to race, color, religion, sex, sexual orientation, national origin, age, handicap or disability, or status as a Vietnam-era or special disabled veteran in accordance with federal law. If you need assistance, please reach out to us at [email protected]