Job
Description
Understanding applicable regulations, standards (e.g. HITRUST, SOC-2, HIPAA, TX-RAMP, PCI-DSS, etc.) and industry best practices to manage risk and ensure compliance Perform process definition/update and deployment across all teams in consultation with the respective functions. Identify best practices, drive continuous information security related process improvement and facilitate deployment of information security process changes Document the identified Information Security Policies and processes to ensure compliance with legal, regulatory and security standards (e.g. HITRUST, SOC-2, HIPAA, TX-RAMP, PCI-DSS, etc.) and maintain the Information Security Management Systems. Perform due diligence for third party contracts and perform periodic 3rd party Risk Assessments. Drive and complete Information Security Assessments assigned to MRO by its clients. Manage and support Information Security Risk Management Lifecycle across MRO. Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspective. Own and drive the Information Security Incident Management Program at MRO. Be responsible for security audits performed at MRO based on HITRUST, HIPAA, PCI-DSS, TX-RAMP, etc. Drive the phishing simulation program at MRO and focus on its continual improvement. Drive Business Impact Analysis, Privacy Impact Analysis across MRO to determine and update applicable RTOs and RPOs. Design and participate in Business Continuity & Disaster Recovery efforts across MRO. Maintain and update security training material and conduct training programs to coach and guide the teams in deploying the policies and processes Supporting departments in collecting security specific metrics, conducting analysis and identifying actions for process improvement Prepare and circulate weekly, monthly and quarterly reports for the Infosec team and present it to Infosec leadership team. Ensure procedures and playbooks for all sub teams within Infosec team is always up to date. General Skills: Flexibility and ability to shift to operational hands-on activities as needed Conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities Client management experience Speed and quality of deliverable is the key Excellent communication and presentation skills Technical/Domain Skills: Must have hands on experience of HITRUST based policy/process definition, implementation and participation in at-least one (1) full end to end HITRUST audit cycle Desirable : Knowledge/work experience on SOC2, HIPAA, PCI-DSS, TX-RAMP and NIST Cybersecurity Framework. MatchScore":1.0,"
