Job Skills: 7+ years of experience
5+ years of information security governance, risk and compliance experience for a global organization (preferably with reliance on cloud computing, but not required)
Looking for someone who can not only maintain the security certifications but also understands them and can speak/work with the auditor directly. The HM is not looking for a mediator or liaison type of person. This person should be able to communicate effectively with the auditor, know what evidence proves compliance, and know how to obtain that evidence from the Heartflow side.
Policy management: updates, creation of new policies, etc.
Third-party risk management: performing security reviews of third parties and determining what we need to do to assess the risk; should not need a lot of hand-holding and should be able to write up a simple recommendation.
Comfortable working with their boss; someone who isn’t needy. This person’s manager is a first-time manager with limited expertise in certifications and limited experience managing people (Auston is mentoring the manager). So, FYI, the manager isn’t going to be super strong and is not a SME or technical.
Oversees mitigation of identified gaps, through to completion, for required certifications (ISO 27001, HIPAA, HITRUST, etc.), attestations (e.g. SOC 2 Type 2) and frameworks (NIST 800-53), including but not limited to documentation and controls.
Security training and awareness experience is a plus, but the candidate needs a practical understanding of at least two security control frameworks and their associated policy requirements from the following set: ISO 27001, NIST CSF, NIST 800-53, NIST 800-171, NIST 800-82, Cloud Security Alliance Cloud Controls Matrix (CSA CCM), SOC 2, PCI DSS.