Security & Compliance Program Manager

California - Onsite
This project has been archived and is not accepting more applications.

Description

Security & Compliance Program Manager (CG28736)

Pleasanton, CA, 94588

12+ Month Contract

Contract Terms: W2

The HIPAA Application Security Program (HASP) is a significant part of IT Compliance's portfolio of work. HASP is a program addressing only specific areas of HIPAA (Health Insurance Portability and Accountability Act): privacy and security standards. This program is a multi-year, cross-portfolio, business and IT partnership that will apply applicable HIPAA Security Rule standards and implementation specifications to all applications and databases that contain Protected Health Information (PHI). This program will also ensure compliance with the de-identification of data which is part of the HIPAA Privacy Rule.

The continued evolution of Health Care reform has driven unprecedented changes in the regulatory and compliance landscape within the Health Care industry. In HASP you will be responsible for partnering with business and technology constituencies to address these evolving challenges by embedding risk management and compliance management competencies into day-to-day activities. Success requires dedicated professionals who possess the analytical, feasibility, relationship and executive summary skills needed to form highly reliable risk management strategies to meet various compliance requirements.

At the Program Management Principal level you will be responsible for providing advanced compliance program management for HASP. In addition, you will provide analytical, feasibility, business case and executive summary skills needed to form highly reliable risk management strategies to meet various compliance requirements.

Responsibilities of the Program Manager include:
1. An in-depth understanding of the broad regulatory landscape impacting business areas. Remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
2. Assessing the impact of laws and regulations on systems and technology. Work with other risk organizations to shape organizational control policies and standards.
3. Manage large scale risk/security assessment studies and projects to validate and remediate perceived risks. Perform interviews, document design assessments, and walkthroughs of key controls (both new and existing).
4. Lead cross-functional remediation teams in developing processes using requirements gathered from clients and engineering.
5. Exhibit pragmatism in formulating process remediation and implementation strategies, defining work tracks, and submitting assessment findings and recommendations.
6. Support IT multi-year planning process by providing program and project descriptions, estimated costs and risk justification data.
7. Develop and nurture trusted relationships with Business Partners, IT Executives, Security & Compliance Officers and other Compliance Team Members to gain consensus approvals on strategies, recommendations, findings, project plans, etc.

Responsibilities of an ITC HIPAA Application Security Program (HASP) Program Manager Principal

Minimum requirements/knowledge:
1) 10+ years as a Project Manager
2) Demonstrated proficiency with 85% of IT functions
3) Information Technology Experience
4) Health Care Industry Knowledge
5) Understanding of the system life cycle
6) Excellent verbal and written skills
7) Excellent MS Office skills especially in Excel, PowerPoint and Word.
8) Hands-on approach to project management
9) PMP Certification
10) Understanding System Life Cycle (SLCI) a plus
11) Bachelor's degree in Computer Science, Information Systems, Management Information Systems, Business Administration or other related field. Significant and relevant technical experience meeting the job description may be substituted for degree requirements.
12) 4+ years technology risk management experience (e.g., Audit, Compliance, etc.) in a Public Accounting firm or a highly regulated industry.

This would include the following disciplines:
a. Current information security knowledge
b. Familiarity with Compliance vendor landscape
c. Control frameworks
d. In-depth knowledge of regulatory requirements, in particular HIPAA, SOX, PCI-DSS, Privacy
Candidate should demonstrate versatility with a track record of experience in interpretation and application of a broad spectrum of regulatory imperatives.

13) Experience in performing broad scale, complex IT audit and compliance assessments with a strong preference for prior experience with one or more of the following disciplines: network security, configuration management, privacy, and access management.
14) Candidate functions effectively as an individual contributor.
15) Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of the current enterprise threat scenario as related to healthcare.
16) Knowledge or ability to learn the IT program and process methodology and to execute it within the established IT organizational framework and oversight processes.

Preferred requirements/knowledge:
1) Certified Information Security Auditor/Manager (CISA/M) designation or CISSP
2) Excellent communicator with strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options
3) Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
4) Proven experience proposing enterprise level solutions to mitigate risk of receiving a material deficiency in IT general controls

Minimum number of years of experience required
10+ years as a Project Manager
Demonstrated proficiency with 85% of IT functions
Information Technology Experience
Health Care Industry Knowledge
Understanding of the system life cycle
4+ years technology risk management experience (e.g., Audit, Compliance, etc.) in a Public Accounting firm or a highly regulated industry.

This would include the following disciplines:
a. Current information security knowledge
b. Familiarity with Compliance vendor landscape
c. Control frameworks
d. In-depth knowledge of regulatory requirements, in particular HIPAA, SOX, PCI-DSS, Privacy

Candidate should demonstrate versatility with a track record of experience in interpretation and application of a broad spectrum of regulatory imperatives.

Top 3 - 5 Daily responsibilities
Manage all aspects of assigned work track
Manage team
Manage deliverables
Interaction, facilitation, coordination with other IT groups and business users
Reporting and monitoring

Top 3 - 5 Required Skills
Experience in performing broad scale, complex IT audit and compliance assessments with a strong preference for prior experience with one or more of the following disciplines: network security, configuration management, privacy, and access management
Solid understanding of Enterprise Risk Management and Strategy frameworks as well as understanding of current enterprise threat scenario as related to healthcare
Understand controls framework
Understand risk framework
Excellent verbal, written, and presentation skills

Desired skills
Certified Information Security Auditor/Manager (CISA/M) designation or CISSP
Excellent communicator with strong client relationship focus with business sponsors, enterprise architects, and information security engineers to articulate business case and technology options
Practical experience managing multiple large-scale compliance/audit projects simultaneously, strong internal consulting, customer account management, and defining engagement scope, negotiating commitments, gathering requirements, defining deliverables, designing integrated solutions, and overseeing technical implementations considered a plus
Proven experience proposing enterprise level solutions to mitigate risk of receiving a material deficiency in IT general controls

Soft Skills
Excellent MS Office skills especially in Excel, PowerPoint and Word.

Stage of the project
End to end project life cycle

Educational Requirement:
4-year degree in related field Preferred BA or BS or MBA
PMP Certification

Will this Req convert to a FTE position? If so, do you only want to see individuals eligible to convert to FTE status? yes, preferable

Can the contractor work remotely or do they need to be onsite? Majority onsite; some remote work OK.

Start date: n.a
Duration: 12 Months + (extension possible)
From: Enclipse Corp.
Published at: 05.09.2012
Project ID: 416407
Contract type: Freelance