Compliance Consultant

California - Onsite
This project has been archived and is not accepting more applications.

Description

BB23792
Pleasanton, CA 94588
Contract to Hire

Compliance Consultant

IT Compliance HASP – Business Consultant Lead

The HIPAA Application Security Program (HASP) is a significant part of IT Compliance’s portfolio of work. HASP is a CLIENT program addressing only specific areas of HIPAA (Health Insurance Portability and Accountability Act): privacy and security standards. This program is a multi-year, cross-portfolio, business and IT partnership that will apply applicable HIPAA Security Rule standards and implementation specifications to all applications and databases that contain Protected Health Information (PHI). This program will also ensure compliance with the de-identification of data which is part of the HIPAA Privacy Rule.

In the HASP’s Infrastructure work-track you will be responsible for partnering with business and CLIENT Information technology groups to assess existing in-scope databases, host servers, and other infrastructure components as required. The success of this unit requires dedicated professionals who possess the analytical, feasibility, relationship and executive summary skills needed to inquire upon, capture and accurately report on the current status of technology layers assessed. Upon completion of the assessments you will be responsible for facilitating remediation for all gaps that have been identified.

Responsibilities of the Business Consultant – Consultant/Specialist include:

1. Utilizing the HASP assessment tool to interact with IT and business individuals to collect and document technical, business process, issue and recommendation information for three primary HASP work tracks: Application Remediation, De-Identification of Data, and Offshore.
2. Working with HASP project and program managers to identify and develop solution options.
3. Collating, organizing and analyzing the collected data to produce executive summary and other presentations and reports related to findings and recommendations.
4. Working with HASP project teams, participating in the development of requirements and business cases to ensure compliance requirements are met.
5. Working proactively with HASP project and program managers to resolve issues.

Minimum requirements/knowledge:

1) Bachelor's degree in Computer Science, Information Systems, Management Information Systems, Business Administration or other related field. Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
2) 3+ years technology risk management experience (e.g., Audit, Compliance, etc.) in a Public Accounting firm or a highly regulated industry. This would include the following disciplines:
a. Current information security and compliance vendor landscape
b. Control frameworks such as COSO
c. Regulatory requirements, in particular HIPAA, SOX, PCI-DSS, Privacy
Candidate should demonstrate versatility with a track record of experience in interpretation and application of a broad spectrum of regulatory imperatives.
3) Experience in performing broad-scale, complex IT Security Assessments, with a strong preference for prior experience in one or more of the following disciplines: application, host, database, and/or network security, and configuration management.
4) Familiar with System Development Lifecycle Concepts.
5) Excellent written and verbal communication skills.
6) Strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options.
7) Candidate functions effectively as an individual contributor.
8) Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to healthcare.
9) The Business Consultant Lead will be required to know or learn the CLIENT-IT program and process methodology and to execute it within the established CLIENT and CLIENT-IT organizational framework and oversight processes.
10) Excellent MS Office skills, especially in Excel, PowerPoint and Word.

Preferred requirements/knowledge:
1) Certified Information Security Analyst/Manager (CISA/M) designation
2) Experience in internal consulting and customer account management; defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
3) Strong information security background including current vulnerabilities

Apply online at jobs.client.org and enter requisition number xxxxx. The benefits of working for an organization of our size and scope will change your career perspective in a healthy way.

This position consistently supports compliance and the Principles of Responsibility (client’s Code of Conduct) by maintaining the privacy and confidentiality of information, protecting the assets of the organization, acting with ethics and integrity, reporting non-compliance, and adhering to applicable federal, state and local laws and regulations, accreditation and licensure requirements (if applicable), and client’s policies and procedures.

Start date: n.a
From: Generic Network
Published at: 02.11.2011
Project ID: 262820
Contract type: Freelance