The Security and Controls Manager leads HealthEdge’s HITRUST and SOC 2 efforts across the company within its modern SaaS infrastructure. Reporting into the Director of Cloud Operations, this individual works closely with senior management to identify, evaluate, document and guide the execution of controls by nearly all facets of the organization. These efforts are in support of HealthEdge’s HITRUST Certification as well as helping guide the organization to achieve a SOC 2 report.
In addition to controls, this individual will work closely with the Directors in Cloud Ops, all operational areas, and the CIO to establish and operate a world-class security program for our customers. We’re looking to build a completely data- and analytic-driven approach to security, seldom done elsewhere, and to bring in someone who wants to innovate in this area while helping us address our compliance obligations. This individual will also have team management responsibilities.
HealthEdge® provides modern, disruptive technology that delivers, for the first time, a suite of products that enables health insurers to leverage new business models, improve outcomes, drastically reduce administrative costs and connect everyone in the healthcare delivery cycle. Our next-generation enterprise product suite, HealthRules®, is built on modern, patented technology and is delivered to customers via the HealthEdge Cloud or on-site deployment. An award-winning company, HealthEdge empowers health insurers to capitalize on the innovations, challenges and opportunities that await in the new healthcare economy.
- Desire to build a high performing team to lead and drive the execution of the enterprise information security management and SOC 2 program.
- Extensive knowledge of IT and Security Controls – both design and operating effectiveness – as well as best practice frameworks like HITRUST, RiskIT/COBIT, SOC 2 Trust Principles, NIST Cybersecurity Frameworks and NIST 800-53
- 5+ years experience documenting and auditing IT Controls relevant in technology, health and/or financial service industries. Experience working in Cloud, specifically SaaS environments, is helpful.
- Experience working with external auditors, regulators, or otherwise.
- Ability to interact with executive management on a regular basis, as well as represent HealthEdge in a variety of external facing matters, including sales, conferences, and representing the company on industry boards and programs.
- Familiarity with HIPAA and HITECH as well as various state and other federal rules impacting Health Information and PII.
- Demonstrated experience leading and executing SOC 2 engagements.
- Strong interpersonal skills and the desire to work with others. Excellent communication and writing skills.
- Experience designing and implementing comprehensive security communication, awareness, and training programs for the organization.
- Experience planning and executing vendor and organizational risk assessments using the HITRUST framework.
- Ability to comply with all HealthEdge information security and privacy standards.
- Perform all job functions consistent with HealthEdge policies and procedures, including those which govern handling PHI and PII.
- Demonstrated experience with the following technologies:
  - Virtualization Platforms: VMware, vSphere, vCloud, NSX
  - Network Technology: Cisco ASA, SonicWall NSA, Cisco ISE
  - Endpoint Technologies: Kaspersky, Symantec DLP
  - OS: Mac, Linux, Windows
  - Services: AD, ADCS, ADFS
Bachelor’s Degree in Business, Computer Science, Information Systems, and/or Accounting
Ability to travel up to 10% of the time to offices in Ohio and MA.
CISA and CISSP, CISM, CRISC, HCISPP, CCSFP or other relevant industry certifications.
Experience in Big 4 Consulting and Assurance is a major plus.