Information Security Compliance Lead

Job Description

Summary

The ISL helps understand operational issues and plans next steps from an information security viewpoint.

Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the National Institute of Standards and Technology (NIST) 800-53 framework is what the ISL will be analyzing and enforcing, maintaining, and helping to assess on each designated account or health care product within Gainwell Technologies and its partners.

Your role in our mission

• Product Integration Management: Facilitate the integration of MMIS SaaS, Immunization Registry, Women, Infant, and Childcare solutions, Early Intervention programs, and other Gainwell products into client systems. Coordinate with technical teams to ensure smooth deployment and compatibility of products within client environments. Compliance and operational focused
• Data Security and Compliance: Educate stakeholders on the importance of safeguarding PHI/PII data embedded within Gainwell products. Implement and enforce compliance measures to mitigate risks associated with sensitive information
• Client Support and Communication: Serve as a primary point of contact for clients regarding product functionalities, updates, and troubleshooting. Communicate effectively with internal teams to address client concerns and optimize product performance
• Enhancement and Innovation: Collaborate with product development teams to identify opportunities for product enhancement and innovation based on client feedback and industry trends. Contribute to the roadmap of Gainwell products by providing insights into market demands and emerging technologies.
• Lead Security operational governance activities
• Ensuring delivery excellence in security tooling and business operations (Ensuring avoidance of non-performance / non-compliance contractual penalties).
• Maintain an account security plan and other security related documentation for the selected account(s) and Products
• Ensure Audit and penetration assessment preparation, facilitation, and remediation
• Manage security risk and exceptions to security standards within the organization and third-party risk. To include vulnerabilities, defects, and exploits.
• Ensure knowledge sharing and implementation of security fundamentals, policies, and standards (regulatory and contractual)
• Escalate and resolve Security Incidents with the Security Incident Response (SIR) team and Account Executives (AE)
• Manage and report security incidents
• Coordinate delivery of Security Metrics and Reporting in support of contractual commitments
• Documentation including writing policies, standards, procedures, process, and security plans
• Continuous security education

• Bachelor's degree in computer science, information technology or related field preferred
• Ten or more years of experience in information security
• Experience working with corporate level security systems and implementation procedures
• Experience working with corporate and government security regulations (HIPAA & NIST 800-53)
• Experience working with domain structures, user authentication, user profiles and digital signatures
• CISSP certification

• Strong communication skills to interact with team members, customers, management and support personnel
• Strong analytical and problem solving skills for design, creation and testing of security systems
• Leadership skills to guide and mentor the work of less experienced personnel
• Strong research skills
• Ability to work independently and as part of a team
• Ability to handle multiple tasks simultaneously and switch between tasks quickly

• Hybrid/Remote environment
• Will require to work overlapping US hours (2PM to 11PM IST)