Job Overview

• applicable work experience, in performing and running audits, certification programs and control assessments, including but not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, mapping issues to risks and socializing results.
• coordinate audit-related tasks to ensure the readiness of managers and their teams for audit testing and facilitate the timely resolution of any audit findings.
• strong knowledge of common security legal and regulatory requirements. (e.g., pci, soc, csa star, nist, iso/iec 27001, cobit, etc.)
• work on compliance initiatives to ensure operational effectiveness with applicable laws and regulations, as well as internal policies and procedures.
• monitor activities of assigned it areas to ensure compliance with internal policies and standards.
• assist corporate compliance and the business with all required compliance/security-related documentation.
• facilitate for external audits to ensure compliance with all industry-mandated regulations.
• participate in the development and implementation of new business initiatives to ensure functionality required to support compliance.
• provide guidance to business functions on compliance/security-related matters.
• good understanding of it concepts, including cloud hosting, containerization, encryption, networking, operating systems, databases, middleware, and applications.
• knowledge of or experience working with, cloud technologies/environments, aws or other related cloud experience is required.
• ability to effectively communicate to all levels of the organization, including senior management, and other stakeholders that influence the security and compliance posture of phox health.
• ability to assess the nature of controls and identify automation opportunities for increased monitoring and scaling coverage.

what we re seeking

• bachelor s degree in the field of information security, computer science or discipline and/or certifications. (e.g., iso 27001, soc 2, hipaa, hitrust)
• demonstrated ability to apply it-related knowledge and experience in solving compliance issues.
• experience implementing cloud security and compliance standards, frameworks, and controls (iso 27001, soc 2, hipaa, hitrust) for cloud service delivery models (iaas, paas, saas).
• aws certifications (added advantage).
• experience or understanding of governance, risk and compliance (grc) processes and solutions.
• background in security controls, auditing, network and system security.
• ability to express technical concepts in business terms.
• able to work well under deadlines in a changing environment and complete multiple projects effectively and concurrently.
• evaluate effectiveness of the internal security control framework and recommend adjustments as business needs change.
• regularly interact with all levels of management to present and discuss audit results and obtain gap remediation status.