IT Compliance Program Manager
Listed on 2026-01-12
IT/Tech
Cybersecurity, Information Security, Data Security, IT Consultant
Information Security Program Manager - Compliance Specialist (Contingent/Contractor) REMOTE
Overview
We are seeking an Information Security Compliance Specialist to perform hands‑on execution and coordination of HITRUST audit and Third‑Party Risk Management (TPRM) activities under the direction of Information Security Compliance leadership. This role focuses on tactical audit readiness and sustainment activities, including control testing, evidence collection, documentation, and vendor due diligence, to meet HITRUST CSF framework requirements and support successful audits.
This position works closely with Information Security, IT, Legal, Privacy, and business stakeholders to execute compliance activities, validate control effectiveness, and maintain audit‑ready evidence. The ideal candidate is detail‑oriented, audit‑experienced, and comfortable performing day‑to‑day compliance tasks across multiple work streams without people‑management responsibilities.
RESPONSIBILITIES
HITRUST & Audit Coordination
- Execute HITRUST CSF audit readiness and sustainment activities under the direction of Information Security Compliance leadership.
- Perform control evidence collection, validation, and documentation to support HITRUST assessments and ongoing compliance.
- Assist with control design and operating effectiveness testing, documenting results in alignment with HITRUST assessment requirements.
- Support coordination with internal teams to obtain timely, accurate audit evidence.
- Maintain organized and up‑to‑date audit documentation and evidence repositories to support continuous readiness.
- Track assigned audit findings, corrective action plans (CAPs), and remediation evidence through closure.
- Support third‑party/vendor security risk assessments for vendors handling PII/PHI/ePHI or supporting regulated systems.
- Review vendor documentation, including SOC 2 Type II reports, HITRUST certifications, ISO/IEC 27001 attestations, and security questionnaires.
- Document identified control gaps, risks, and remediation actions in accordance with internal TPRM procedures.
- Assist with vendor follow‑ups, evidence collection, and reassessments as required.
- Help maintain vendor risk records and compliance tracking to support audits and regulatory inquiries.
- Execute day‑to‑day compliance activities aligned to HITRUST CSF, HIPAA, and PCI requirements.
- Translate technical security implementations into clear, audit‑ready documentation and control evidence.
- Support maintenance of policies, procedures, and control narratives to reflect current operational practices.
- Assist with cross‑framework mappings and evidence reuse efforts to improve efficiency and consistency.
- Identify and escalate compliance gaps or documentation issues to Information Security Compliance leadership.
- 5+ years of experience in Information Security Compliance, IT Risk, IT Audit, or Internal Audit roles.
- Hands‑on experience supporting or coordinating HITRUST assessments or similar security assurance programs, including readiness, evidence management, and assessor interaction.
- Experience working in healthcare, life sciences, or healthcare‑regulated environments.
- Strong working knowledge of HIPAA Security and Privacy Rules and healthcare regulatory expectations.
- Experience conducting third‑party/vendor security risk assessments.
- Working knowledge of NIST 800‑53, NIST CSF and ISO/IEC 27001 frameworks.
- Ability to understand and assess technical controls related to IAM, logging/monitoring, endpoint security, vulnerability management, and cloud infrastructure.
- Working knowledge of security tools such as SIEM, endpoint protection, IAM, DLP, and cloud security platforms.
- Strong documentation, prioritization, and stakeholder communication skills.
- Excellent documentation, organizational, and stakeholder communication skills.
- Bachelor's degree in Cybersecurity, Information Systems, Health Information Management, or a related field (or equivalent experience).
- Progress toward, or intent to pursue, industry‑recognized certifications such as CISA, HCISPP, HITRUST CCSFP, or CISSP.
- Experience…