InfoSec Compliance Documentation Specialist

Remote

Full Time

Information Technology

Experienced

This is a remote/hybrid role & prefer a UTAH resident.

Job Summary:
We are seeking a highly skilled and detail-oriented Security and Privacy Compliance Specialist to join our team. In this role, you will have an important role in ensuring that our organization complies with industry standards, regulations, and best practices related to information security and privacy. You will play a critical role in safeguarding sensitive data, maintaining compliance with legal and regulatory requirements, and fostering a culture of security awareness across the organization.

Key Responsibilities:

Compliance Management:

Monitor and ensure adherence to relevant security and privacy regulations, such as SOC-2, HIPAA, HITRUST, and others.
Conduct regular compliance audits and risk assessments to identify gaps and recommend corrective actions.

Policy Development:

Participate in the Development, implementation, and maintenance of security and privacy policies, procedures, and guidelines.
Ensure documentation is current and accessible to relevant stakeholders.

Risk Management:

Identify potential risks to the organization’s data security and privacy and work with other members of the security team to develop mitigation strategies.
Collaborate with cross-functional teams to implement risk management practices.

Training and Awareness:

Design and deliver training programs to educate employees on security and privacy best practices.
Promote awareness of security threats and ensure employees understand their role in compliance efforts.

Incident Response:

Assist in the development and execution of incident response plans.
Participate in documenting investigations of security breaches and privacy violations, ensuring timely reporting to regulatory bodies when necessary.

Vendor, Customer, and Third-Party Management:

Assess third-party vendors and partners for compliance with security and privacy standards.
Work with business to establish data protection agreements.
Work with Sales team to onboard new clients by completing and returning security information requests, and questionnaires.
.

Monitoring and Reporting:

Regularly review and analyze security systems and controls to ensure compliance with evolving regulations.
Prepare and present reports to senior management on the organization's security and privacy compliance status.

Qualifications:

Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or experience in a related field preferred.
Proven experience in information security, privacy compliance, or a related field.
In-depth knowledge of relevant regulations, standards, and frameworks (e.g., GDPR, HIPAA, HITRUST, SOC-2, NIST, ISO-27001, and others.)
Strong analytical and problem-solving skills, with keen attention to detail.
Excellent communication and interpersonal skills to work effectively with technical and non-technical stakeholders.
Ability to manage multiple projects and meet deadlines in a fast-paced environment.

Preferred Skills:

Familiarity with data protection technologies and tools (e.g., encryption, DLP, SIEM systems).
Knowledge of emerging privacy laws and trends.

About AAPC:

AAPC (www.aapc.com) is the world’s largest and fastest-growing training, certification, and solutions association in healthcare.
AAPC Values:

DRIVEN | Self-starts and stays highly motivated to achieve ambitious goals. Shares contagious energy and enthusiasm liberally. Takes initiative without always being directed. Demonstrates confidence in decision-making and effectively balances autonomy and authority with accountability.

HUMBLE | Learns, adapts, and improves relentlessly. Seeks feedback without insecurity and implements coaching. Recognizes others' contributions gratefully. Approaches work and relationships with an abundance mentality. Places the needs of others above self.

TRANSPARENT| Integrity-centered, honest, truthful, and trustworthy in all aspects of work. Keeps commitments to external and internal parties. Holds self strictly accountable, valuing the trust placed in them by others.

SUPPORTIVE | Empowers and uplifts others. Listens actively and responds with empathy and understanding. Prioritizes well-being and growth of team members and customers ahead of own interest. Faces challenges together, believing in collective strength and unity.

INNOVATIVE | Entrepreneurial spirit with a scrappy mentality. Dreams big, sees opportunity, pursues full potential, and finds ways to accomplish the impossible. Rolls up sleeves and does real work. Works quickly, intelligently, and flexibly.

What we Offer:

Compensation commensurate with experience
Comprehensive benefits package including medical, dental and vision insurance
Health Savings Account
Generous PTO and Holiday Pay
401(k) retirement plan
Remote/virtual-office consideration

AAPC is an Equal Opportunity Employer.
This company is committed to fairness and equal opportunity in our hiring practices. We do not discriminate on grounds unrelated to a candidate's ability to perform the duties of the job. Our focus is on finding the best person for each role, based on merit and fit, to ensure success both for our company and for the individual’s professional growth.

We are an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices on the basis of race, sex, age, disability, religion, national origin, or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above-listed items.

Apply for this position

Required*

Apply with Indeed

First Name*

Last Name*

Email Address*

Phone*

Address*

Resume*

We've received your resume. Click here to update it.

Attach resume or Paste resume

Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Who referred you to this position? Enter their first and last name here.

LinkedIn Profile URL:

Desired salary*

Are you legally authorized to work in the United States?*

Do you now, or will you in the future, require sponsorship for employment visa?*

Do you reside in the state of Utah?*

Do you have experience conducting SOC-2 audits or assessments?*

Have you worked on a project involving HITRUST certification?

Do you have at least 2 years of experience in security and privacy compliance roles?*

Are you familiar with the five Trust Service Criteria for SOC-2: Security, Availability, Processing Integrity, Confidentiality, and Privacy?*

Have you developed or implemented a risk management program in alignment with SOC-2 or HITRUST requirements?*

Have you successfully helped an organization achieve SOC-2 or HITRUST certification?*

Have you worked in an environment where ongoing SOC-2 or HITRUST certification was a requirement?*

Have you trained or educated employees on security and compliance best practices for SOC-2 or HITRUST?*

Are you familiar with data privacy regulations like GDPR, CCPA, or HIPAA, and how they interact with SOC-2 or HITRUST?*

Have you worked with a security framework that incorporates privacy criteria into its controls (e.g., HITRUST Privacy Controls)?*

Have you been part of a team responsible for a SOC-2 Type I or Type II audit?*

Have you directly interacted with external auditors for SOC-2 or HITRUST assessments?*

Do you have experience conducting internal audits or pre-assessments for HITRUST or SOC-2 readiness?*

Have you implemented corrective actions based on findings from SOC-2 or HITRUST audits?*

Have you authored or updated policies and procedures to align with SOC-2 or HITRUST standards?*

Have you ever designed or managed a third-party vendor risk management program?*

Are you familiar with the documentation requirements for HITRUST certification?*

Do you have experience with control frameworks like COSO or NIST that underpin SOC-2 and HITRUST standards?*

Are you familiar with the process of mapping controls between SOC-2 and HITRUST?*

Have you ever performed gap analyses for organizations preparing for SOC-2 or HITRUST certification?*

The following questions are entirely optional.

To comply with government Equal Employment Opportunity and/or Affirmative Action reporting regulations, we are requesting (but NOT requiring) that you enter this personal data. This information will not be used in connection with any employment decisions, and will be used solely as permitted by state and federal law. Your voluntary cooperation would be appreciated. Learn more.

Gender

Race/Ethnicity

Human Check*

Submit Application