Security Compliance Administrator

BRMS, Folsom, CA
Hybrid

About The Position

SUMMARY: The Security Compliance Administrator is responsible for developing, implementing, and overseeing the organization’s security compliance program to ensure adherence to applicable laws, regulations, industry standards, and internal policies. This role partners cross-functionally with IT, HR, Legal, Risk Management, and executive leadership to mitigate security risks, maintain regulatory compliance, and protect organizational assets. The ideal candidate is highly organized, detail-oriented, proactive, and experienced in managing compliance frameworks and audit processes. Essential Duties and Responsibilities include the following. Other duties may be assigned.

Requirements

  • Strong understanding of cybersecurity frameworks (NIST, ISO 27001, SOC 2, etc.).
  • Knowledge of data privacy regulations and industry security standards.
  • Annual RxDC reporting
  • Annual Gag Clause Attestation coordination & submission
  • SOC 2 Audit
  • Vendor Management
  • Excellent analytical and risk assessment skills.
  • Strong written and verbal communication skills.
  • Ability to work cross-functionally and influence stakeholders.
  • Strong project management and organizational skills.
  • High level of integrity and discretion in handling sensitive information.
  • Bachelor’s degree in Information Security, Cybersecurity, Business Administration, Risk Management, or related field (Master’s preferred).
  • 5+ years of experience in information security, compliance, audit, or risk management.
  • Experience managing regulatory audits and compliance programs.
  • Ability to read, speak, and write effectively in English. Ability to interpret complex documents. Ability to write routine reports and correspondence. Ability to speak effectively before customers or employees of the organization. Ability to effectively address or resolve customer service issues within the guidelines of the position.
  • Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percentage and to draw and interpret bar graphs.
  • Requires an ability to analyze complex information, identify patterns, and solve novel problems with minimal supervision. Key responsibilities include evaluating evidence, thinking critically to identify root causes, and forecasting future business needs.

Nice To Haves

  • CISA (Certified Information Security Administrator)
  • CISSP (Certified Information Systems Security Professional)
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)

Responsibilities

  • Develop, implement, and maintain the organization’s information security compliance program.
  • Ensure compliance with applicable regulatory requirements (e.g., HIPAA, SOX, PCI-DSS, state privacy laws, etc., as applicable).
  • Monitor changes in laws, regulations, and industry standards and recommend updates to policies and procedures.
  • Conduct internal risk assessments and compliance audits.
  • Coordinate and manage external audits and assessments.
  • Develop and maintain security policies, standards, and procedures.
  • Partner with IT and business units to ensure appropriate security controls are in place.
  • Lead incident response documentation and ensure proper reporting procedures are followed.
  • Track remediation efforts and ensure timely resolution of compliance findings.
  • Provide training and guidance to employees on security and compliance requirements.
  • Maintain documentation to demonstrate compliance readiness.
  • Report compliance status, risks, and mitigation strategies to executive leadership.