Compliance Manager (Contract Position)

Truveta

Contract Position

Summary

This job is for a Compliance Manager (Contract Position) at Truveta, a health-provider-led data platform. The Compliance Manager will be responsible for establishing and maintaining governance over Truveta's internal controls environment, ensuring compliance with certifications and attestations related to security and privacy. The role requires strong analytical and communication skills, as well as experience in IT auditing and compliance.

What you'll do

  • Developing and overseeing a large inventory of business and technology-related control systems aligned with legal guidelines, internal policies and procedures, and new and future certifications and attestations, i.e., ISO 27001, ISO 27018, ISO 27701, Type 2 SOC 2, and HITRUST.
  • Holding designated responsibility for performing key compliance rhythm-of-business activities that must be kept to committed timelines, e.g., controls testing, remediations, risk exceptions, information security and privacy intake requests, and risk tracking
  • Standing up and maintaining internal technical controls to support security and privacy, e.g., identity management, user access, data integrity, change management, physical and logical security, privacy related to data controller and processor, and system development life cycle (SDLC) controls
  • Analyzing and rationalizing targeted certification standard requirements and control gaps
  • Effectively communicating the intent of certification standards to technical and non-technical control owners and performers
  • Writing technical security and privacy-related risk statements, control statements, control execution steps, and suggested evidence to properly support certification requirements
  • Staging and coaching control owners and performers for successful audit walkthroughs
  • Testing controls and identifying gaps requiring remediation
  • Implementing and maintaining compliance automation tools
  • Analyzing internal and vendor business systems to ensure compliance with industry regulations and ethical standards
  • Creating, modifying, updating, and assisting as needed with implementing Truveta policies and procedures
  • Developing risk management strategies and performing risk assessments according to Truveta’s methodology
  • Designing ongoing relevant security and privacy-related training programs for employees of the business
  • Liaising with other departmental heads to ensure all business operations are in line with business policies and procedures
  • Advising mid- and senior management on business operations related to investment, business objectives, certifications and attestations, risks, and other policy and procedure development.

Location

Seattle, WA

Contract Length

Contract duration: Ongoing

Compensation

$65 - $90 (per hour)

Keywords

iso 27001 iso 27018 iso 27701 type 2 soc 2 hitrust