The Director of Privacy & Compliance will direct the business in all dimensions of regulatory compliance; maintains an effective corporate compliance program; and oversees/ coordinates all efforts to monitor and maintain compliance with all HIPAA and HITRUST requirements.
Overview: This is an opportunity to join an innovative and rapidly growing software company with offices in Farmington, CT and Wellesley, MA as a Director, Privacy & Compliance. Our team and strategic investors are passionate about transforming healthcare. As a rapidly growing organization serving the healthcare market, we are looking for the right people who align with our vision, mission and culture and are excited about joining a fast-paced, entrepreneurial environment.
The Director of Privacy and Compliance will be the Senior compliance operator in our enterprise. You will direct the business in all dimensions of regulatory compliance; maintains an effective corporate compliance program; and oversees/ coordinates all efforts to monitor and maintain compliance with all HIPAA and HITRUST requirements. The ideal candidate will have managed compliance in a healthcare company before and can demonstrate significant audit and assessment experience. You will be responsible for partnering with stakeholders to coordinate all compliance activities that meet the business needs now and in the future. Additionally, you will oversee the development all compliance-related project proposals and RFP responses, and ultimately partner with the CISO in ensuring a secure and compliant enterprise.
- Management and execution of compliance programs for HIPAA, HITRUST, FedRAMP, and other data privacy regulations (e.g., CCPA and CPRA). A good understanding of GDPR is also required.
- Serve as coordinating liaison for our HITRUST certification including updating or drafting new policies and procedures, evaluate procedures and collect supporting documentation and evidence.
- Integrate IT security requirements and HIPAA compliance with the organization’s business strategies and requirements.
- Review, develop, execute, and maintain procedures for compliance.
- Work with our CISO to ensure adherence to required security policies.
- Oversee all incident management and response.
- Respond and communicate with internal teams, customers, and prospects worldwide on information security questionnaires and inquiries.
- Oversee risk assessments and internal audits.
- Assess and define the current and future organizational needs of our enterprise as it scales, to anticipate the appropriate level of compliance and security.
- Provide compliance reports and participate in regular compliance meetings to discuss issues and mitigation strategies.
- Assess and audit security requirements by studying business requirements, overseeing system security and vulnerability analyses and risk assessments.
- Align and consult on compliance policies and procedures with key stakeholders including Sales, IT, Legal, Finance, Product, Engineering, and customers.
- Maintain expertise with all current and evolving regulatory requirements.
Required Knowledge and Skills:
- Demonstrated ability to oversee HIPAA and HITRUST or SOC2/3 compliance.
- Deeply familiarity with HIPAA, HITRUST, BAAs, FedRAMP and state level data protection regulations and requirements as well as experience in their practical application.
- Experience with risk management methodologies and frameworks.
- A business acumen partnered with a dedication to legality.
- Excellent analytical and problem-solving skills.
- Strong relationship building and communication skills to ensure effective partnering with senior peers in the organization.
- Project management and previous work with system implementation preferred.
- 7+ years of experience in compliance related positions.
- Compliance management of a HIPAA regulated entity.
- HITRUST experience preferred.
- Bachelor’s degree or equivalent experience.
Work Conditions: Willingness and ability to travel in a post-COVID world (up to 25%).
Apply with resume to: Careers@DiameterHealth.com