Role and Responsibilities:

Regulatory Compliance Requirements:

• Stay abreast of all healthcare security regulations, including HIPAA, GDPR, HITECH, and other relevant standards.

• Analyze industry frameworks most likely to be requested by customers for coverage in a TPRM questionnaire and multi-industry regularly accepted questionnaires to prepare for ability to intake and cross apply.

• Select a control set from the options identified above to serve as the "primary key" control set.

• Collaborate with the Technical teams using tools like Secure Controls Framework (SCF), to build client’s automated control mapping technology

• Manually map additional controls not represented by SCF (e.g., HITRUST, Client proprietary questionnaires/frameworks, Client cleared requirements) for consumption by Technical team.

Support AI/ML Product Development:

• Collaborate with Technical teams on building the AI model to leverage semantic text matching and detail extraction from security in order to answer security control questions.

• Perform QA and apply confidence scores to the question/answer results that AI produces. Potentially re-map or rephrase alternative questions on low confidence matches.

• Write new/update existing audit protocols and judgment rules for Client Cleared requirements & control-level questions.

• Engage with the Client Audit team to understand gaps in current protocols and open questions.

• Collaborate with Technical teams on training the AI based on these audit protocols and judgment rules.

• QA and recalibration of results of AI judgements. UAT of UI build outs for this technology.

Quality Assurance and Auditing:

• Coordinate with internal and external auditing teams to facilitate comprehensive assessments of AI/ML products.

• Develop and implement QA procedures and policies specifically tailored to healthcare security compliance.

• Perform regular audits and assessments to ensure the effectiveness of security protocols and recommend improvements where necessary.
   

Required skills and Qualifications:

• 10+ years of industry experience with good understanding of AI/ML technologies and their implications for healthcare data security and Product Development experience

• In-depth knowledge of healthcare regulatory frameworks (HIPAA, GDPR, HITECH, etc.)

• Proven experience in developing and implementing compliance strategies and QA procedures

• Relevant certifications (e.g., Certified Information Systems Security Professional (CISSP), Certified Information Privacy Professional (CIPP), etc.) HITRUST are highly desirable

• Excellent communication skills with the ability to translate complex compliance requirements into actionable plans for technical teams

• Must be independent, self-starter and self-motivated

Educational Qualifications:

• Bachelor's degree in Computer Science, Information Security, Healthcare Management, or related field; advanced degree preferred.