EaseCentral's explosive success in the healthcare management industry is a result of the company's disruptive SaaS innovation and unparalleled service model, forever changing the way employers, brokers, insurance carriers, and general agents think about benefits and HR administration. The company's flagship benefits administration solution - built by brokers for brokers - is widely adopted and reputed, praised for its simplicity and reliability, and already shaping the future of medical benefits technology.
About the Position:
We are currently looking for an experienced Director of Security & Compliance as the lead compliance expert for our business initiatives. We’re seeking a highly motivated, action-oriented privacy expert who is at ease providing data security and compliance guidance. We need a strong leader who can drive the execution of multiple business plans and projects, while partnering with the broader legal, product, and operations team. The successful candidate will be a security professional who is passionate about ensuring compliance as well as providing an exceptional customer experience.
As a head of our IT department, responsible for organisation-wide systems and information, you will have the following duties and responsibilities:
- Respond to vendor questionnaires and company RFIs.
- Help to define, maintain, and manage the security risk assessments we must ask of our partners.
- Lead aspects of the periodic review and update of the compliance risk assessment in line with HIPAA, SOC 2, and HITRUST. Make sure we’re staying compliant on our procedures.
- Identify areas of risk requiring the establishment or enhancement of internal controls, policies and procedures, products and/or services, and training associated with any compliance obligations.
- Assist in the development and maintenance of compliance training related to the corporate compliance program(s), and conduct any necessary training.
- Maintain an excellent technical knowledge of relevant regulations, keeping up to date with new developments and the latest regulatory position.
- As requested and directed, be responsible for overseeing and ensuring implementation of required operational changes to align with governing laws or regulations.
- Keep management and the compliance team informed and updated with progress.
- Ensure findings are recorded in appropriate systems and follow up with the relevant individuals and management on the resolution and closure of open issues.
- Ensure that risk areas identified are documented and managed and that risks are escalated to the relevant individuals.
- Diligently execute security & compliance projects as directed by the Chief Operating Officer or General Counsel.
- Bachelor’s degree in Management of Information Systems, technical discipline, or equivalent experience
- Minimum 6 years of experience in information security and compliance, with 3 or more years of management experience.
- Direct experience with SOC 2 Type 2, HIPAA, and HITRUST, or other security regulatory compliance framework, including crafting of policies, implementation of compliance programs, systems and processes, ongoing compliance assessment, and execution of annual audits.
- Deep knowledge and understanding of information technology and infrastructure vulnerabilities.
- Working knowledge of a variety of Information Security tools and systems, including knowledge of advanced threat protection and infrastructure security.
- Excellent motivational, interpersonal, written and oral communication skills and work ethic.
- Demonstrated familiarity and experience with incident handling techniques and processes
- Professional certification(s) preferred such as Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).
- Demonstrated ability to influence and drive internal and external stakeholders to a decision in a business environment.
- Demonstrated track record of strategic communication and writing skills.
- Demonstrated ability to work independently, meet tight deadlines and work effectively in a multi-functional, international team environment.
What We Offer:
- Competitive Compensation
- Peer bonus system
- Health Benefits
- Flexible Time Off
- STD/LTD Benefits
- ID Theft Protection
- Company Events & Retreats
EaseCentral is an equal employment opportunity employer for all applicants and employees. We do not discriminate on the basis of race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), gender identity, national origin, ancestry, citizenship, age, physical or mental disability, legally protected medical condition, family care status, veteran status, marital status, domestic partner status, sexual orientation, or any other basis protected by applicable local, state, or federal laws. When necessary, we also make reasonable accommodations for disabled employees and for pregnant employees who request an accommodation, with the advice of their health care providers, for pregnancy, childbirth, or related medical conditions.