The IT Security & Compliance Manager is responsible for ensuring the security, integrity, and compliance of the organization's information systems, with a particular emphasis on HIPAA and SOC2 requirements. This role involves developing, implementing, and overseeing security policies and practices, ensuring adherence to industry standards and regulations, and leading efforts to mitigate risks associated with information security. The ideal candidate will have strong experience in IT security management, particularly in environments governed by HIPAA and SOC2 standards.
ESSENTIAL JOB FUNCTIONS:
Security Management:
- Develop and manage the organization's information security strategy, policies, and procedures.
- Monitor security systems and respond to incidents, ensuring that responses align with compliance requirements.
- Lead efforts in vulnerability management, penetration testing, and risk assessments.
- Oversee the security of networks, applications, and data, particularly in regulated environments.
Compliance & Risk Management:
- Ensure the organization's IT infrastructure and processes comply with HIPAA, SOC2, and other relevant regulations.
- Lead internal and external audits, working closely with auditors and regulatory bodies.
- Develop and maintain a risk management program, including regular assessments, mitigation strategies, and reporting.
- Collaborate with legal and compliance teams to ensure all contracts and business processes meet regulatory requirements.
Leadership & Collaboration:
- Lead and mentor security professionals, ensuring alignment with compliance and security goals.
- Collaborate with other departments to integrate security measures into business processes and projects.
- Provide security training and awareness programs across the organization.
- Serve as the primary point of contact for external stakeholders on security-related matters.
Technology & Innovation:
- Stay informed on emerging security trends, technologies, and threats.
- Lead the evaluation, selection, and implementation of security technologies and tools.
- Participate in the design and implementation of IT systems to ensure security and compliance are embedded.
Documentation & Reporting:
- Maintain detailed documentation of system security configurations, processes, and procedures.
- Generate regular reports on compliance efforts, security status, and IT operations.
- Collaborate with other IT team members to improve and optimize IT security and compliance.
EDUCATIONAL/EXPERIENCE REQUIREMENTS:
- Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
- Relevant certifications (e.g., CISSP, CISM, CISA, HCISPP) are highly desirable.
SKILL REQUIREMENTS:
- Minimum of 5 years of experience in IT security, with a focus on compliance management.
- Demonstrated experience in leading security initiatives and managing compliance with HIPAA and SOC2 standards, with specific experience as a HIPAA Privacy and/or Security Officer preferred.
- Experience in conducting and managing internal and external audits.
- Proven track record in managing security in cloud environments and implementing secure software development practices.
- Strong knowledge of information security standards and frameworks (e.g., HIPAA, SOC2, ISO 27001).
- Expertise in risk management, vulnerability management, and incident response.
- Familiarity with cloud security (AWS, Azure, GCP).
- Proficiency in security technologies and tools (e.g., SIEM, firewalls, encryption, DLP).
- Excellent analytical and problem-solving abilities.
- Strong leadership and team management skills.
- Effective communication skills for both technical and non-technical audiences.