IT Compliance and Audit Manager
Position Title: IT Compliance and Audit Manager
Department: Strategic Information and Systems
Reports to: Director of Information Technology
Location: Boston/US-Remote (5-10% Travel)
The IT Compliance & Audit Manager is responsible for developing and managing the continuous compliance and audit process, working with both internal and external resources. This individual will play a key role in serving as a subject matter expert on Partners In Health's (PIH) strategy towards NIST CSF framework alignment, as well as leading the building of the GRC matrix for the organization.
The Compliance & Audit Manager will lead all communication and project planning in support of the security posture alignment. This includes being the go-to person for all internal and external stakeholder communications related to the GRC framework and its implementation. The Compliance & Audit Manager will be responsible for the design and execution of compliance and auditing guidelines and standards in accordance with policies and procedures and industry best practices. The Compliance & Audit Manager will lead policy management and its documentation for the organization's implementation of the framework and its continuous evolution.
- Participate in conducting gap analyses, security and risk assessments with both internal and external stakeholders.
- Design and implement a Plan of Action and Milestones (POA&M) to attain the target security profile based on the identified gaps, with focus on a prioritized action plan developed to address those gaps.
- Establish and manage a continuous compliance and audit process.
- Define and manage the organization's implementation of the NIST CSF framework.
- Lead security awareness training sessions with support from IT members.
- Oversee the policy framework by developing, updating and maintaining the policies and their procedures and standards.
- Support building life cycle processes into existing and potential technologies with a focus on compliance, auditing and security risks.
- Support documentation process of the IT environment across the organization's technology landscape.
- Perform Information Security assessments, compliance gap analysis, risk assessments and develop policies and procedures with respect to organization needs.
- Lead strategy and deliverables based on security audits and risk assessments.
- Measure progress towards framework alignment through status updates and reporting on technical challenges and key timelines.
- Document processes and implementations across the plethora of environments and systems managed by the IT team.
- Review risk assessments on an ongoing basis and implement risk mitigation processes and plans to achieve required risk tolerance levels.
- Other duties as assigned to ensure the proper functioning of the team and to meet the organization's needs as identified.
- Bachelor's (4-year) degree with a technical major, such as engineering or computer science.
- Work experience in place of a Bachelor's degree (5+ years as a Systems Engineer or equivalent).
- 3+ years in the Information Security discipline.
- Experience with NIST, CIS, CMMC, ISO 27001/2, GRC frameworks and their implementation process.
- Certifications related to CSSP, CISSP, CEH, SEC+, ITIL, COBIT, PMP.
- Problem-solving skills.
- Technical and organized attitude.
- In-depth knowledge of computer and network systems.
- Ability to travel up to 2-4 weeks per year and lift up to 50 lbs.
- Ability to describe technical information in easy-to-understand terms.
- Exemplary interpersonal skills; ability to collaborate effectively with culturally diverse staff across departments and countries.
- Interest in social justice strongly desirable.
Partners In Health (PIH) is a non-profit, global health organization that fights social injustice by bringing the benefits of modern medical science first and foremost to the most vulnerable communities around the world. PIH focuses on those who would not otherwise have access to quality health care. PIH partners with the world’s leading academic institutions to create rigorous evidence that shapes more sound and all-inclusive global health policies. PIH also supports local governments’ efforts to build capacity and strengthen national health systems.
As of today, PIH runs programs in 11 countries (Haiti, Peru, Rwanda, Mexico, Sierra Leone, Liberia, Malawi, Lesotho, Russia, Kazakhstan, Navajo Nation), where it provides direct care to millions of patients, through public facilities and community engagement.
Partners In Health (PIH) is committed to the fundamental principle of equal opportunity and equal treatment for every prospective and current employee. It is the policy of PIH not to discriminate on the basis of race, color, national or ethnic origin, ancestry, age, religion, creed, disability, sex and gender, sexual orientation, gender identity and/or expression, military or veteran status, or any other characteristic protected under applicable federal, state or local law. PIH works in and with a number of governments in and outside the U.S., and to the extent applicable, this statement is intended to incorporate the prohibition of any unlawful discrimination covered by applicable laws in such countries, states and municipalities.
Partners In Health participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.