Compliance and Validation Manager

Compliance and Validation Manager

Health Sciences IT (HSIT) is looking for a person to manage compliance and validation of various computer systems and processes. The HSIT Research team provides support for the six schools of the health sciences. The compliance and validation manager will be responsible for researching and understanding various governmental standards and security requirements such as NIST 800-171, Part 11 compliance, HIPAA, etc. and translating those standards to requirements for validation procedures for our systems as well as maintaining and updating documentation to maintain compliance.

The incumbent will need to have a basic understanding of networks, firewalls, and server infrastructure to the level they can effectively communicate with server engineers and create appropriate documentation. Experience with HIPAA, FISMA, 21 CFR Part 11, or various NIST compliance and validation are required.
The compliance and validation manager will handle writing/reviewing various policies and procedures, POA&M documents and SSPs. The incumbent will also validate systems as updates are completed by updating and expanding documentation as well as performing various systems tests to ensure the system is validated after updates. This person will also review/audit systems updating SSPs and other documentation as needed to comply with various security standards and policies. Audits on existing systems and review of user actions will also need to be completed on a regular basis.

The compliance and validation manager will work closely with other team members such as system architects, IT security, web developers, and system engineers to create plans in which compliance with various standards can be achieved. The incumbent will work to ensure new templates or processes created for human subject research studies are compliant with federal requirements, for example 21 CFR Part 11. Meticulous attention to detail and excellent documentation skills are required.

Manages the day-to-day performance of compliance assessment projects or programs and resolves compliance issues and ensures compliance. Fosters internal controls, compliance procedures, and compliance audit programs. Assists in all components of audits.

• Review and understand government and industry security standards and regulations as needed and translate those to requirements documentation to validate and ensure systems/process compliance.
• Keep required systems documentation up-to-date and accurate working with system engineers to ensure controls are in place and properly met.
• Create System Security Plans, POA&M, vulnerability analysis for various research systems to ensure compliance.
• Perform internal audits to ensure user and administrative compliance. This can include validating sensitivity of files leaving the secure env., reviewing processes and activities of system engineers, and updating policies and procedures, etc.
• Work with Pitt Digital security to ensure our path aligns with University.
• Work with external and internal auditors to ensure documentation is readily available and in order.
• Create templates for study teams to comply storage and security requirements to ensure study teams know proper processes. Verify these templates with ORP and OSP and coordinate changes with these offices.

Light, Little physical effort. Duties are primarily Sedentary. May be required to move objects up to 25 pounds occasionally.

The University of Pittsburgh is an equal opportunity employer / disability / veteran.