
Risk and Compliance

HCLTech

1 - 2 years

Chennai

Posted: 15/05/2026

Job Description

JOB SUMMARY

The candidate is responsible for overseeing daily R&C operations for the assigned projects, ensuring that all controls aligned with ISO 9001 and HIPAA are managed. The candidate is also responsible for leading internal and external audits. The R&C Senior Associate will coordinate between operations, IT, HR, Training and the client to keep processes streamlined.

Essential Responsibilities

1. QMS (ISO 9001) Management:

  • Oversee the day-to-day operation, maintenance, and continual improvement of the project's QMS.
  • Lead the preparation and coordination of internal and external audits for ISO 9001 and other relevant certifications.
  • Conduct regular information security risk assessments and drive the implementation of risk treatment plans.
  • Develop, review, and update QMS documentation, including policies, procedures, and the Statement of Applicability (SoA).
  • Manage the Corrective and Preventive Action (CAPA) process for security-related findings.

2. HIPAA & Healthcare Compliance:

  • Act as a subject matter expert on HIPAA Security, Privacy, and Breach Notification Rules.
  • Ensure all RCM processes and systems handling Protected Health Information (PHI) are compliant with HIPAA and HITECH requirements.
  • Lead the annual HIPAA Security Risk Analysis and ensure all identified gaps are remediated.
  • Oversee the incident response process for any potential privacy or security breaches involving PHI, including investigation, documentation, and reporting.

3. Security Operations & Governance:

  • Monitor the effectiveness of security controls, including access control, network security (firewalls, IDS/IPS), data loss prevention (DLP), and antivirus/antimalware solutions.
  • Collaborate with the IT department to ensure security configurations and infrastructure align with compliance requirements.
  • Conduct third-party vendor security assessments to manage supply chain risk.
  • Develop and deliver regular security and compliance training programs for all employees, focusing on their responsibilities in protecting sensitive healthcare data.


Required Qualifications & Skills

  • Education: Bachelor's degree in any stream.
  • Experience: Minimum 1-2 years of experience in current role. 4-6 years of overall experience.
  • Technical Knowledge:
      • Deep understanding of security frameworks (ISO 9001, NIST).
      • Strong knowledge of risk assessment methodologies.
      • Familiarity with security technologies such as firewalls and vulnerability management tools.
  • Soft Skills:
      • Excellent written and verbal communication skills; ability to articulate complex technical and regulatory concepts to diverse audiences.
      • Strong analytical, problem-solving, and project management skills.
      • High ethical standards and meticulous attention to detail.
      • Ability to work independently and lead initiatives with minimal supervision.
