Security Compliance Administrator II

SUMMARY:  The Security Compliance Administrator is responsible for developing, implementing, and overseeing the organization’s security compliance program to ensure adherence to applicable laws, regulations, industry standards, and internal policies. This role partners cross-functionally with IT, HR, Legal, Risk Management, and executive leadership to mitigate security risks, maintain regulatory compliance, and protect organizational assets. The ideal candidate is highly organized, detail-oriented, proactive, and experienced in managing compliance frameworks and audit processes.

Essential Duties and Responsibilities include the following. Other duties may be assigned.

•  Develop, implement, and maintain the organization’s information security compliance program.
• MANDATORY knowledge of HIPAA compliance (RxDC, Gag Clause, CMS)
• Ensure compliance with applicable regulatory requirements (e.g., HIPAA, SOX, PCI-DSS, state privacy laws, etc., as applicable).
• Monitor changes in laws, regulations, and industry standards and recommend updates to policies and procedures.
• Conduct internal risk assessments and compliance audits.
• Coordinate and manage external audits and assessments.
• Develop and maintain security policies, standards, and procedures.
• Partner with IT and business units to ensure appropriate security controls are in place.
• Lead incident response documentation and ensure proper reporting procedures are followed.
• Track remediation efforts and ensure timely resolution of compliance findings.
• Provide training and guidance to employees on security and compliance requirements.
• Maintain documentation to demonstrate compliance readiness.
• Report compliance status, risks, and mitigation strategies to executive leadership.

Supervisory Responsibilities:  

This position has no supervisor responsibilities

Knowledge,   Skills & Abilities: 

• Strong understanding of cybersecurity  frameworks (NIST, ISO 27001, SOC 2, etc.).
• Knowledge of data privacy regulations and industry security standards.
• Annual RxDC reporting
• Annual Gag Clause Attestation coordination & submission
• SOC 2 Audit
• Vendor Management
• Excellent analytical and risk assessment  skills.
• Strong written and verbal communication  skills.
• Ability to work cross-functionally and   influence stakeholders.
• Strong project management and  organizational skills.
•  High level of integrity and discretion in handling sensitive information .

Qualifications:   

Certifications   (Preferred):

• CISA    (Certified Information Security Administrator)
• CISSP  (Certified Information Systems Security Professional)
• CISA   (Certified Information Systems Auditor)
• CRISC   (Certified in Risk and Information Systems Control)

Education   and/or Experience:   

• Bachelor’s  degree in Information Security, Cybersecurity, Business Administration,  Risk Management, or related field (Master’s preferred).
• 5+  years of experience in information security, compliance, audit, or risk management.
• Experience  managing regulatory audits and compliance programs.

Language   Skills:   

Ability   to read, speak, and write effectively in English. Ability to interpret complex  documents. Ability to write routine   reports and correspondence. Ability to   speak effectively before customers or employees of organization. Ability to   effectively address or resolve customer service issues within guidelines of   the position.

Mathematical   Skills:   

Ability   to add, subtract, multiply and divide in all units of measure, using whole   numbers, common fractions, and decimals. Ability to compute rate, ratio, and percentage and to draw and   interpret bar graphs.

Reasoning   Ability:   

Requires   an ability to analyze complex information, identify patterns, and solve novel   problems with minimal supervision. Key responsibilities include evaluating   evidence, thinking critically to identify root causes, and forecasting future  business needs.

Physical   Demands: 

The   physical demands described here are representative of those that must be met   by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities  to perform the essential functions.

While   performing the duties of this Job, the employee is regularly required to sit   for extended periods in front of a computer. The employee is frequently   required to reach with hands and arms and talk or hear. The employee is   occasionally required to stand; walk and use hands to finger, handle, or   feel. The employee may frequently lift and/or move up to 10 pounds. Specific   vision abilities required by this job include close vision, distance vision,   peripheral vision, depth perception, and ability to adjust focus. This position requires the employee to work  in the office 2-3 days per week.

Work  Environment: 

The   work environment characteristics described here are representative of those  an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities   to perform the essential functions.

The   noise level in the work environment is usually quiet.