35% Establish and evolve an internal control self-assessment process designed to improve the technical and administrative safeguards within the organization, and lead its execution throughout the subsidiary. Craft action plans and control recommendations to close operational and technical gaps. Assess operational breach reports to recommend and establish new IT and business process controls that reduce the probability of future breaches. Propose and oversee detection infrastructure. Utilize audit findings and proactive audit preparatory work to institute technical and procedural controls to mitigate future findings. Work with IT managers to assess and identify security weaknesses in proposed projects, recommending mechanisms or system controls to mitigate the risks.
25% Lead implementation and maintenance of a security risk framework, ensuring tie-in to enterprise risk framework. Collaborate with multidisciplinary teams to identify, assess, recommend and assist with the execution of behavioral, procedural and operational changes that reduce administrative, physical and technical risk. Develop and conduct structured breach risk assessments. Produce recommendations documentation and presentations, targeted towards technical and senior-level audiences as needed.
25% Institute an enterprise-wide governance framework, collaborating with interdepartmental groups to ensure widespread adoption, communication and education. Spearhead process control activities, including formation of delegations of authority and segregation of duties. Lead development of, and manage maintenance of, a dashboard reporting system to support strategy and business operations decision-making. Manage the governance program road map, proposing new activities and leading associated action steps as defined by the Enterprise Governance Advisory Council. Lead assessment of any proposed governance activities to identify overlaps, operational impacts or potential risks.
15% Recommend and draft organizational SOPs that align the control environment of the organization with changing regulations, risk framework modifications and security control implementations. Develop, institute and maintain subsidiary procedure repository and change control infrastructure. Coordinate departmental procedure maintenance assessments and enhancements based on control and regulatory changes. Establish governance structure around SOP and management directives and develop associated communications and training materials.
Required: This position requires a Bachelor's degree in Business Administration, Management Sciences, Information Systems, or other relevant area of study, and 5 years of security control, risk management and governance experience, OR total related work experience. Must be able to synthesize complex systems and risk information into a format easily and completely understood by a diverse audience. Individual must have working knowledge of privacy and security regulations, system controls, business operating processes, and the healthcare environment.
Preferred: Master's degree in related field; risk management, security or governance certification; and prior consulting, internal controls, risk and governance strategy execution, and process improvement experience.
Comtech LLC is an equal opportunity and affirmative action employer M/F/D/V
Please submit resumes to firstname.lastname@example.org