Director, IT Compliance and System Resiliency

Position Summary:

The Director, IT Compliance is an experienced IT assurance, IT audit or IT risk lead or manager whose career includes a broad range of hands-on experience working with a variety of financial applications and IT environments preferably within healthcare companies, including experience with PCAOB regulations, SOC1&2, ITGC's, SOX, HIPAA, HITRUST, PCI compliance and reporting, and internal controls over financial reporting.

General Duties/Responsibilities (May include but are not limited to):

·       Build, scale, and manage our IT Compliance team to support our needs as a distributed company

·       Be the IT Compliance Expert at Alignment

·       Conduct evaluations of IT risks and controls associated with both on-premise and cloud infrastructure, and processes relating to SOX, HIPAA, ISO, and NIST.

·       Responsible for developing, implementing, and executing a Business Continuity and related Disaster Recovery plan and infrastructure

·       Evaluate 3rd party data exchange relationships to ensure that data protection controls and documentation gaps are satisfactorily addressed.

·       Facilitate regular meetings with business and IT stakeholders to track the progress of ongoing compliance and security remediation and planning efforts.

·       Participate in security tooling and compliance automation implementation efforts.

·       Update, establish and implement information security policy, standards and processes

·       Act as a subject matter expert in understanding regulatory and IT risks, and how compensating controls or mitigating processes affect that risk.

·       Facilitate resolution of IT audit, compliance, and information security-related issues and conduct periodic readiness testing of controls.

·       Manage a team of compliance professionals and drive to achieve excellent compliance outcomes.

·       Provide technical guidance to other DTS team members in managing compliant processes, build and run states.

·       Assist in designing and oversight of technical compliance using vulnerability scans, penetration testing, application, and infrastructure code reviews, etc.

·       Evaluate, propose, and leverage resources and solutions where appropriate that are scalable and cost-effective including in-house, on-premises, cloud, hybrid, hosted, staffing, and sourcing solutions.

·       Lead regular meetings with all members of the IT Compliance team

• Triage and manage priorities of the IT Compliance team
• Represent the IT Compliance team in different company functions
• Create and execute a plan to develop and mature our IT Compliance capabilities and Infrastructure
• Collaborate with all functions of the company to ensure IT Compliance needs are addressed.
• Coordinate enterprise activities in response to third-party audits

Supervisory Requirements:

Oversees any assigned staff. Responsibilities include: recruiting, selecting, orienting, and training employees; assigning workload; planning, monitoring, and appraising job results; and coaching, counseling, and disciplining employees.

Minimum Requirements:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform essential functions.

·       Minimum Experience:

o   Minimum of 10 years of hands-on experience in information technology required; demonstrating a steady growth of skills and responsibility around IT internal controls and processes.

o   Minimum of 7 years of HITRUST, SOC 1 & 2, ITGC, GDPR, ISO27001, and SOX IT Audit experience, including knowledge and experience with PCAOB regulations and requirements.

·       Education/Licensure:

o   Bachelor’s degree in a related field, or a minimum of 10 years of related experience.

·       Other:

o   Familiarity with control standards such as PCAOB/SOX, ISO 27001/2, SOC2, COBIT, HIPAA, PCI, NIST, CSA.

o   Excellent oral and written communication skills; ability to present and discuss technical information in a way that establishes rapport and trust.

o   Preferred

                                                               i.      Experience with Microsoft Azure or AWS.

                                                             ii.      Prior experience in Healthcare or a related HIPAA-regulated industry.

                                                           iii.      Experience with audit or compliance within DevOps-oriented activities.

                                                           iv.      One or more related GRC certifications or accreditations. (e.g., CBCP, CRISC, HITRSUT Practitioner, CISA, CIA, SANS, CISM, or CISSP)

                                                             v.      Experience with SaaS, IaaS and other cloud-based platforms and tools.

                                                           vi.      Creation of software development, release and change control processes and reporting.

                                                          vii.      Ability to design and fit agile controls and lead IT audit engagements across many teams.

                                                        viii.      Ability to multi-task and set workload priorities in a fast-paced and changing environment.

• Work Environment:

• The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential Physical Functions:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• While performing the duties of this job, the employee is regularly required to talk or hear. The employee regularly is required to stand, walk, sit, use hand to finger, handle or feel objects, tools, or controls; and reach with hands and arms.
• The employee frequently lifts and/or moves up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.