Security Compliance Administrator II

Description:

SUMMARY: The Security Compliance Administrator II is responsible for developing, implementing, and overseeing the organization’s security compliance program to ensure adherence to applicable laws, regulations, industry standards, and internal policies. This role partners cross-functionally with IT, HR, Legal, Risk Management, and executive leadership to mitigate security risks, maintain regulatory compliance, and protect organizational assets. The ideal candidate is highly organized, detail-oriented, proactive, and experienced in managing compliance frameworks and audit processes.

Essential Duties and Responsibilities include the following. Other duties may be assigned.

• Develop, implement, and maintain the organization’s information security compliance program.
• Ensure compliance with applicable regulatory requirements (e.g., HIPAA, SOX, PCI-DSS, state privacy laws, etc., as applicable).
• Monitor changes in laws, regulations, and industry standards and recommend updates to policies and procedures.
• Conduct internal risk assessments and compliance audits.
• Coordinate and manage external audits and assessments.
• Develop and maintain security policies, standards, and procedures.
• Partner with IT and business units to ensure appropriate security controls are in place.
• Lead incident response documentation and ensure proper reporting procedures are followed.
• Track remediation efforts and ensure timely resolution of compliance findings.
• Provide training and guidance to employees on security and compliance requirements.
• Maintain documentation to demonstrate compliance readiness.
• Report compliance status, risks, and mitigation strategies to executive leadership.

Supervisory Responsibilities:

This position has no supervisor responsibilities

Requirements:

Knowledge, Skills & Abilities:

• Strong understanding of cybersecurity frameworks (NIST, ISO 27001, SOC 2, etc.).
• Knowledge of data privacy regulations and industry security standards.
• Annual RxDC reporting
• Annual Gag Clause Attestation coordination & submission
• SOC 2 Audit
• Vendor Management
• Excellent analytical and risk assessment skills.
• Strong written and verbal communication skills.
• Ability to work cross-functionally and influence stakeholders.
• Strong project management and organizational skills.
• High level of integrity and discretion in handling sensitive information.

Qualifications:

Certifications (Preferred):

• CISA (Certified Information Security Administrator)
• CISSP (Certified Information Systems Security Professional)
• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)

Education and/or Experience:

• Bachelor’s degree in Information Security, Cybersecurity, Business Administration, Risk Management, or related field (Master’s preferred).
• 5+ years of experience in information security, compliance, audit, or risk management.
• Experience managing regulatory audits and compliance programs.

Language Skills:

Ability to read, speak, and write effectively in English. Ability to interpret complex documents. Ability to write routine reports and correspondence. Ability to speak effectively before customers or employees of organization. Ability to effectively address or resolve customer service issues within guidelines of the position.

Mathematical Skills:

Ability to add, subtract, multiply and divide in all units of measure, using whole numbers, common fractions, and decimals. Ability to compute rate, ratio, and percentage and to draw and interpret bar graphs.

Reasoning Ability:

Requires an ability to analyze complex information, identify patterns, and solve novel problems with minimal supervision. Key responsibilities include evaluating evidence, thinking critically to identify root causes, and forecasting future business needs.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this Job, the employee is regularly required to sit for extended periods in front of a computer. The employee is frequently required to reach with hands and arms and talk or hear. The employee is occasionally required to stand; walk and use hands to finger, handle, or feel. The employee may frequently lift and/or move up to 10 pounds. Specific vision abilities required by this job include close vision, distance vision, peripheral vision, depth perception, and ability to adjust focus. This position requires the employee to work in the office 2-3 days per week.

Work Environment:

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

The noise level in the work environment is usually quiet.