"Security and Compliance Manager"

Job Summary

The Security and Compliance Manager plays a critical role in safeguarding Compass's operations and cloud-based solutions. This position is responsible for reviewing and managing agreements and contracts, developing and maintaining internal policies and procedures, and coordinating efforts to ensure compliance with all applicable state and federal regulations. The manager will lead activities to support HIPAA compliance and alignment with NIST 800 standards, ensuring our systems remain secure and audit-ready. Core responsibilities include evaluating internal and external agreements, creating and maintaining compliance documentation, and overseeing program activities to verify that Compass's technology and services meet rigorous regulatory and security requirements.

Key Responsibilities:

Business & Research Compliance (35%):

• Under the supervision of the DFA, work with Compass staff to support the HIPAA compliance program for Compass cloud systems, including researching, justifying, and documenting compliance controls.
• Develop and update applicable system and compliance policies and procedures.
• Draft, update, and evaluate internal and external contracts and agreements, including but not limited to: memorandums of understandings (MOUs), business associate agreements (BAAs), statements of work (SOWs), or master service agreements (MSAs).
• Coordinate processes for data request delivery with the Security and Compliance Committee including reviewing, editing, modifying, validating documentation to match Internal Review Board (IRB) documentation, and coordinate follow up between data owners, requestors/customers, data analysts, and Business Intelligence (BI) developers.

Health Data Compass Technology (40%):

• Manage security and compliance activities, including vulnerability scans and penetration tests, analysis and risk justification of findings, and responding to incidents and issues.
• Provide security and compliance input and feedback to Compass management and engineers for technical designs and strategies in support of cloud technology, data warehouse, and infrastructure platforms.
• Analyze and document risk analysis and risk assessments for system, architecture designs, applications, or software for use within Health Data Compass (HDC).
• Lead, investigate, and document security and privacy incidents, as needed, in accordance with Compass policies and procedures.

Administration (25%):

• Manage, coach, and mentor Compass Staff and students to develop professionally, while ensuring goals and performance expectations are met.