IT Compliance Program Manager

Posted 13 Days Ago
Salt Lake City, UT
In-Office
Senior level
Biotech
The Role
This role focuses on executing HITRUST audits, compliance activities, and vendor risk assessments in the healthcare sector, requiring strong documentation skills.
Summary Generated by Built In

Information Security Program Manager - Compliance Specialist (Contingent/Contractor) REMOTE

Overview

We are seeking an Information Security Compliance Specialist to perform hands-on execution and coordination of HITRUST audit and Third-Party Risk Management (TPRM) activities under the direction of Information Security Compliance leadership. This role focuses on tactical audit readiness and sustainment activities, including control testing, evidence collection, documentation, and vendor due diligence, to meet HITRUST CSF framework requirements and support successful audits.

This position works closely with Information Security, IT, Legal, Privacy, and business stakeholders to execute compliance activities, validate control effectiveness, and maintain audit-ready evidence. The ideal candidate is detail-oriented, audit-experienced, and comfortable performing day-to-day compliance tasks across multiple workstreams without people management responsibilities.

RESPONSIBILITIES

HITRUST & Audit Coordination

  • Execute HITRUST CSF audit readiness and sustainment activities under the direction of Information Security Compliance leadership.

  • Perform control evidence collection, validation, and documentation to support HITRUST assessments and ongoing compliance.

  • Assist with control design and operating effectiveness testing, documenting results in alignment with HITRUST assessment requirements.

  • Support coordination with internal teams to obtain timely, accurate audit evidence.

  • Maintain organized and up-to-date audit documentation and evidence repositories to support continuous readiness.

  • Track assigned audit findings, corrective action plans (CAPs), and remediation evidence through closure.

Third-Party Risk Management (TPRM) 

  • Support third-party/vendor security risk assessments for vendors handling PII/PHI/ePHI or supporting regulated systems.
  • Review vendor documentation, including SOC 2 Type II reports, HITRUST certifications, ISO/IEC 27001 attestations, and security questionnaires.
  • Document identified control gaps, risks, and remediation actions in accordance with internal TPRM procedures.
  • Assist with vendor follow-ups, evidence collection, and reassessments as required.
  • Help maintain vendor risk records and compliance tracking to support audits and regulatory inquiries.

Compliance Program Execution 

  • Execute day-to-day compliance activities aligned to HITRUST CSF, HIPAA, and PCI requirements.
  • Translate technical security implementations into clear, audit-ready documentation and control evidence.
  • Support maintenance of policies, procedures, and control narratives to reflect current operational practices.
  • Assist with cross-framework mappings and evidence reuse efforts to improve efficiency and consistency.
  • Identify and escalate compliance gaps or documentation issues to Information Security Compliance leadership.

Required Qualifications

  • 5+ years of experience in Information Security Compliance, IT Risk, IT Audit, or Internal Audit roles.
  • Hands-on experience supporting or coordinating HITRUST assessments or similar security assurance programs, including readiness, evidence management, and assessor interaction.
  • Experience working in healthcare, life sciences, or healthcare-regulated environments.
  • Strong working knowledge of HIPAA Security and Privacy Rules and healthcare regulatory expectations.
  • Experience conducting third-party/vendor security risk assessments.
  • Working knowledge of NIST 800-53, NIST CSF and ISO/IEC 27001 frameworks. 
  • Ability to understand and assess technical controls related to IAM, logging/monitoring, endpoint security, vulnerability management, and cloud infrastructure.
  • Working knowledge of security tools such as SIEM, endpoint protection, IAM, DLP, and cloud security platforms.

  • Strong documentation, prioritization, and stakeholder communication skills.
  • Excellent documentation, organizational, and stakeholder communication skills.

Education

  • Bachelor’s degree in Cybersecurity, Information Systems, Health Information Management, or a related field (or equivalent experience).

Preferred Qualifications

  • Progress toward, or intent to pursue, industry-recognized certifications such as CISA, HCISPP, HITRUST CCSFP, or CISSP.
  • Experience supporting risk or compliance assessments in cloud environments (e.g., AWS, Azure, or GCP).
  • Familiarity with GRC platforms used for audit tracking, evidence management, and risk workflows (e.g., AuditBoard or similar tools).

EEO

We recognize that our people are our strength and the diverse talents they bring to our global workforce are directly linked to our success. We are an equal opportunity employer and place a high value on diversity and inclusion at our company. In hiring and all other employment decisions, we prohibit discrimination and harassment on the basis of any protected characteristic, including race, religion, color, national origin, gender, sexual orientation, gender identity, gender expression, age, marital or veteran status, pregnancy or disability, or any other basis protected under applicable law. In accordance with applicable law, we make reasonable accommodations for applicants’ and employees’ religious practices and beliefs, as well as any mental health or physical disability needs.


Top Skills

DLP
HIPAA
HITRUST
IAM
ISO/IEC 27001
NIST 800-53
NIST CSF
PCI
SIEM

The Company
Salt Lake City, UT
2,100 Employees
Year Founded: 1991

What We Do

Myriad Genetics is a leading molecular diagnostic company dedicated to saving and improving lives by discovering and delivering tests across major diseases.
