The Information Security Compliance Manager will work closely with Adaptive’s Security Officer to manage information security compliance, evaluate vendors, and provide assurance to customers.
- Perform assessments and drive efforts to maintain HIPAA security, PCI DSS, and 21 CFR Part 11 compliance
- Drive toward and facilitate maintenance of SOC2 and ISO 27001 certification
- Vet new vendors for appropriate data protection practices, and periodically assess current vendors for ongoing security compliance
- Assist the sales and support teams during pre-sales, contract negotiations, and continued client relationship management by facilitating the completion of customer security questionnaires
- Facilitate customer security audits that evaluate Adaptive’s data protection controls
- Document and manage the security risk acceptance process
- Bachelor's degree and 4+ years of previous experience in Information Security or IT audit
- 2 years of project management experience
- Working knowledge of federal and state data protection laws, HIPAA Omnibus Rules, and PCI Data Security Standards
- Working knowledge of security frameworks, risk assessment methodologies, and mitigation strategies using industry standards such as ISO 27001, NIST, SOC attestation reporting, HITRUST, and BITS Shared Assessments
- Certification as SANS GIAC, CISM, CISA, or CISSP preferred
- High level of personal integrity, with the ability to professionally handle confidential matters
- Excellent communication and interpersonal skills