Manager of Compliance and Information Security
Twistle is seeking a Director of Compliance and Information Security to lead our data protection and regulatory adherence. This role is responsible for developing a HIPAA-compliant privacy program that ensures the integrity of PHI, and for ensuring adherence to general information security policies, procedures and control systems among Twistle’s employees, associates, contractors and business partners. The Director of HIPAA Compliance and Information Security will work closely with Twistle’s legal, product, and engineering organizations on a day-to-day basis, and will act as the primary interface with external auditors during any audit activities. In this role, you will be expected to manage Twistle’s cyber policy implementation and risk assessment, including continuous monitoring, core risk management, and development of sector-oriented policy frameworks, such as SOC 2, NIST, and HIPAA/HITRUST.
In this role, you will be expected to:
- Direct Twistle’s information security risk and compliance efforts.
- Conduct data analysis to inform cyber risk. Create a cyber risk assessment process for change management and third-party vendor review, covering vulnerability management, incident response, and security tool assessment and maintenance.
- Lead Twistle through a successful HITRUST assessment and validation.
- Lead Twistle’s use of the HITRUST Common Security Framework to measure and maintain the maturity of the company’s security program.
- Develop internal compliance policies and procedures and manage company wide adherence and training.
Please see the complete job description online.
Qualifications:
- Direct experience and demonstrable expertise in the field of IT security within the US Healthcare sector
- Experience with audit and risk management frameworks, such as SSAE 16 SOC-2, HITRUST, NIST CS, and PCI DSS
- Ability to collaborate cross-functionally with engineering teams, other business units, and IT security/compliance peers at customer sites
- The ideal candidate will hold one or more security certifications, and be extremely familiar with IT security both inside and outside of corporate healthcare provider environments in the United States.
How to Apply: