Director of Security Compliance

As the Director of Security Compliance, you will ensure the secure operation of the hosted environments, computer systems, servers, and network connections in accordance with our internal processes, procedures, and HITRUST compliance requirements.

Summary:

This is an opportunity to join an innovative and rapidly growing software company with offices in Farmington, CT and Wellesley, MA as Director of Security Compliance. Our team and strategic investors are passionate about transforming healthcare. As a rapidly growing organization serving the healthcare market, we are looking for the right people who align with our vision, mission and culture and are excited about joining a fast-paced, entrepreneurial environment.

The Director, of Security Compliance’s role is to ensure the secure operation of the hosted environments, computer systems, servers, and network connections in accordance with our internal processes, procedures, and HITRUST compliance requirements. The security compliance officer’s tasks also includes conducting regularly scheduled audits on systems and hosting third-party audits as required in order to maintain certifications and compliance certificates. The security compliance officer will deploy, manage, and maintain security audit systems and their corresponding or associated software as well as developing, implementing, maintaining, and overseeing enforcement of internal security policies and procedures. The compliance officer also plans and implements system security administration and user system access based on industry-standard best practices and compliance requirements.

Responsibilities:

  • Manage process of HITRUST certification including updating or drafting new policies and procedures.
  • Review policies and procedures related to HIPAA Security Rule physical, administrative and technical safeguards.
  • Provide ongoing oversight of HITRUST and HIPAA compliance.
  • Provide compliance reports and participate in regular compliance meetings to discuss issues and mitigation strategies.
  • Assess and audit security requirements by studying business requirements; conducting system security and vulnerability analyses and risk assessments.
  • Stay up to date with all governmental regulations regarding information protections and security system protections.
  • Work with engineering department heads to implement and maintain secure coding best practices as well as risk mitigation as part of CI/CD pipeline.
  • Work with internal IT to implement and maintain multitenant hosted environment security best practices and requirements, as well as end point security.

Required Knowledge and Skills:

  • Demonstrated knowledge of secure hardware, software and network design techniques.
  • Demonstrated strategy for analyzing and preventing security incidents in highly complex environments.
  • In-depth knowledge of computer hardware, software and network security issues and approaches.
  • In-depth knowledge of the industry’s standards and regulations including HIPAA and HITRUST
  • A business acumen partnered with a dedication to legality
  • Methodical and diligent with outstanding planning abilities; ability to manage and prioritize multiple projects
  • Excellent analytical and problem-solving skills
  • Strong relationship building and communication skills
  • Project management and previous work with system implementation preferred

Basic Qualifications:

  • Bachelor’s degree in Computer Science related discipline (Master’s preferred).
  • 10 years of experience working in a complex IT organization with at least 5 years of Cyber Security Leadership.
  • 5+ years of compliance experience

Work Conditions:

  • Environment and Physical – Office environment. 25% travel on a national basis.

Location:

  • Farmington, CT or Wellesley, MA

About Diameter Health:

Diameter Health enables clinical insight through the normalization, deduplication, intelligent organization, and enrichment of clinical data from across the care continuum. This creates a single, unified source of longitudinal structured patient information for improved care and actionable analytics. The Diameter Health platform empowers organizations that depend on multisource data streams, such as Health Information Exchanges (HIEs), Accountable Care Organizations (ACOs), health systems and health plans, to realize greater value from their data.

Contact:  Heather Erwin, Human Resouce Manager

® Diameter Health is a trademark registered in the US Patent and Trademark Office.