SUMMARY:

The Security Compliance Specialist within the development teams will be responsible for ensuring controls and processes are defined and held to the highest standard by all the development staff. This role will help guide team members through the development projects, ensuring a quality compliant process is adhered to for the highly regulated healthcare industry. The Security Compliance Engineer will employ security compliance and technical knowledge with a desire for continuous improvement. This role will affect the About Healthcare teams with a meaningful positive influence for the controls and processes.

ESSENTIAL FUNCTIONS :

This class specification lists the major duties and requirements of the job and is not all-inclusive. Incumbent(s) may be expected to perform job-related duties other than those contained in this document and may be required to have specific job-related knowledge and skills.

• Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
• Maintain and track compliance across multiple security frameworks including SOC 2, NIST and HITRUST.
• Maintain up-to-date compliance records of requirements and corresponding mitigating controls.
• Monitor third-party risk assessments and assist in performing internal risk assessments.
• Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
• Monitor change management process to ensure compliance.
• Develop key performance metrics to track and ensure compliance with established policies and standards.
• Support development of security processes and procedures and support service-level agreements to ensure that security controls are managed and maintained.
• Participate in the development of security and privacy awareness training in conjunction with other members and groups in the organization.
• Ensuring the company's technical compliance with applicable laws and regulations.
• Conduct tests and studies into the company's product compliance.
• Produce reports on compliance testing, developments, and processes.
• Instituting best-practice procedures for compliance and risk mitigation.
• Develop strategies and implementation plans for compliance-related matters.
• Explain and define compliance protocols and measures to stakeholders and relevant authorities.
• Partner with the Architecture and development resources to ensure projects are meeting proper compliance standards
• Represent the security team to other engineering disciplines as well as product management, customer support, and implementations.
• Keep abreast of the security compliance community to ensure compliance with the latest practices and technologies
• Other duties as assigned

QUALIFICATIONS:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

Need to Have:

• Bachelor’s Degree
• Ability to be successfully credentialed for VA systems access
• 5 years of IT Infrustsructure, enterprise applications, or software development
• Experience delivering large scale SaaS applications

Nice to Have:

• Bachelor’s Degree in Computer Science or related field
• Experience with compliance assessments (e.g., SOC 1, SOC 2, HITRUST, FedRamp)
• Prior experience working in a private equity-funded organization.
• Healthcare technology experience.
• Knowledge of Microsoft Azure, AWS.
• Experience delivering large scale SaaS applications
• Security certifications.

Required Knowledge and Skills

Required Knowledge:

• Business planning and development.
• Working knowledge of software development life cycle methodology, preferably within a Scrum environment
• Strong oral and written communication skills
• Excellent analytical and problem-solving skills with attention to detail
• Ability to partner and work across teams and levels within the organization
• Knowledge of Entity Framework or similar ORM tools
• Mentoring & career development/growth skills
• Correct business English, including spelling, grammar and punctuation

PHYSICAL/MENTAL REQUIREMENTS:

The physical demands described herein are representative of those that must be met by an employee to successfully perform the essential functions of the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Mobility to work in an office setting, use standard office equipment and stamina to sit for extended periods of time; strength to lift and carry up to 10 pounds; vision to read printed materials and computer screens; and hearing and speech to communicate in person or over the telephone.
Travel as needed to support company and customer initiatives. Work on Site at our St Paul office may be required and ABOUT reserves the right to change the location of the role at any time.

This role may involve work on federal government contracts that require additional federal background investigations, training, and federal badging. As such, you will may required to submit personal information to the government and be fingerprinted and photographed at your local Department of Veteran Affairs Medical Center.

ABOUT offers a flexible, purpose-built solution that empowers hospitals and health systems to operate as one connected network of care. We enable easy access for clinicians to move patients into and out of the acute care setting - getting them to the next, best care setting faster and easier. Complemented by our clinical experts and best practices, we provide health systems the necessary controls and insights to grow with resilience, drive clinician effectiveness, and improve patient outcomes.