Sysmex America

HITRUST Security and Compliance Manager

Sysmex America, Lincolnshire, Illinois, United States, 60069


Job Location(s)

US-IL-Lincolnshire

# of Openings

1

Job ID

2024-4045

Category

Information Systems and Information Technology

Travel

10%

Overview

Find a Better Way...

...to use your skills and experience. This is the time to let your talent come to life. To maximize your knowledge and use it for the greater good. To work with the best professionals using state-of-the-art technology, and improve lives with your innovative ideas and ambitious dreams. Find a better way: the Sysmex Way.

...to improve the lives of others. Headquartered in Kobe, Japan, Sysmex is located in Lincolnshire, Illinois. Renowned worldwide for the very finest in quality, innovative diagnostic equipment and information-management systems, we apply science to enhance the quality of life on a global scale. Our agile, resourceful team is committed to realizing critical breakthroughs in laboratory diagnostics, information technology, workflow analysis and life sciences for the clinical laboratory.

...to build a promising future.

Responsibilities

We currently have a great opportunity available for a HITRUST Security & Compliance Manager. The HITRUST Security & Compliance Manager is responsible for the development, maintenance, operations, and compliance of the cybersecurity program for the medical device software products manufactured at Sysmex America, Inc. The role is also a stakeholder in the cybersecurity roadmap for the other Corporate Systems & Innovation applications to ensure cybersecurity compliance and standardization. As part of this responsibility, this role will lead efforts to maintain the independent 3rd party HITRUST certification through review and approval of all security requirements and working with internal stakeholders and 3rd party partners to pass our audit to obtain and maintain certification.

Essential Duties and Responsibilities:

1. Responsible for providing consultation services to leadership on cybersecurity policy, procedure, and implementation to ensure compliance with regulatory requirements, Customer Systems & Innovations standards, and industry best practices. This includes managing change and aligning cross-functional teams impacted by added or modified processes (Quality Assurance, Customer Care, Marketing, Customer Service, etc.).
2. Provides direction and strategy to Analysts, Security Compliance for WS Information Security Program (WSISP) improvement, implementation and operations. Responsible for continuous monitoring and compliance of HITRUST security controls to ensure that they continue to be implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the cybersecurity requirements for assigned HITRUST pre/post-certified systems.
3. Responsible for the establishment, continuous review, and understanding of security policies, procedures, and implementation measures that support the WSISP, including but not limited to Configuration Management, Contingency Planning and testing, Incident Response Plans and testing, Interoperability Security Agreements, Risk Assessments, Security control baselines, etc.
4. Analyzes the impact of emerging Cybersecurity requirements and identifies areas of risk and development of strategy, policy, governance, and implementation guidance recommendations for a holistic risk management approach.
5. Responsible for supporting operations of Caresphere WS post-market surveillance for product issues and complaints. Supports coordination with cross-functional risk management, post-market surveillance and development leadership to provide risk assessment, root cause, resolution and workaround details for Caresphere WS product suite potential harm issues in tandem with the IT Process Governance team.
6. Responsible for the establishment, improvement, and monitoring of the Caresphere WS product suite manufacturing processes (device master record and device history record), including alignment with HITS Delivery and IT Process Governance teams.
7. Responsible for supporting the IT Process Governance team in internal and external audits (ISO, FDA, MDSAP, etc.) as a subject matter expert for Caresphere WS product suite design and development, post-market surveillance, and manufacturing.
8. Perform manager-type responsibilities for direct reports (performance management, time reporting, expense management, etc.).
9. Other duties as assigned.

Travel Percentage: 10%

Qualifications

Bachelor's degree required. 5 years of previous experience in Process Management, QA and/or Security Compliance, HITRUST Technology Specialist/Auditor required.

HITRUST CCSFP (Certified common security framework practitioner) Certification desired.

Hands-on experience with audit preparation and running audit sessions for FDA, ISO and Security audits.

Proven ability to work under stress in emergencies with flexibility to handle multiple high-pressure situations simultaneously.

Proven leadership abilities including effective knowledge sharing, conflict resolution, facilitation of open discussions, fairness and displaying appropriate levels of assertiveness.

Ability to communicate highly complex technical information clearly and articulately for all levels and audiences.

High critical thinking skills to evaluate alternatives and present solutions that are consistent with business objectives and strategy.

Must demonstrate initiative and effective independent decision-making skills.

Office Suite (Word, Excel, PowerPoint, Outlook)

Atlassian Suite (Jira, Confluence, Zephyr)

Tenable Vulnerability Management

SentinelOne or other End Point Protection software

Sysmex is proud to be an EEO/Affirmative Action employer. All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, age, sex, sexual orientation, gender identity or expression, color, religion, national origin, genetics, disability status, protected veteran status or any other characteristic protected by law. We maintain a drug-free workplace and perform pre-employment substance abuse testing.