Information Security Compliance and Program Manager

  • Full-time

Company Description

Signant Health is a specialty services and clinical trial technology provider dedicated to helping bio-pharmaceutical sponsors and Contract Research Organizations. It was started in 2000 and is headquartered in Pennsylvania. Initially formed as CRF Health in 2000, it is an evolution built on more than 20 years of proven clinical research technology. Recently, CRF Health and Bracket merged to form Signant Health.

Job Description

Signant Health is seeking to hire a Compliance & Security Process and Program Manager, who will oversee the Compliance and Security improvement and remediation programs and ensure security and governance processes and controls are fit for purpose. As a key member of our compliance and security team, your primary responsibility is to build, manage, and deliver a program of improvements across the whole compliance and security organization. 

This role helps manage Signant Health’s compliance program in alignment with industry best practices and standards. You will have the opportunity to take ownership of our ISO27001 compliance program and work directly with partners across the organization to drive these compliance improvements. This includes coordination with internal and external stakeholder organizations in regard to implementing compliance standards/requirements and preparing the organization for external audits and certifications.

Key Accountabilities/Decision Making & Influence

  • Manage security and compliance projects end-to-end, from design phase to project closure
  • Program management of ongoing programs such as ISO 27001, to ensure ongoing success
  • Communicate program updates, progress and timelines to stakeholders and upper management on a regular basis.
  • Develop project timelines, roadmaps and milestones for multiple projects and project tracks
  • Analyze security controls and compliance requirements for various frameworks such as GDPR, SOC2, HIPAA, HITRUST, PCI DSS, ISO 27001, ISO 27701, FedRAMP and Privacy Impact Assessments.
  • Assess effectiveness of controls. Design, implement and automate effectiveness testing and efficacy measurements.
  • Review Quality Management system. Recommend improvements to processes embodied therein and drive their remediation and improvement.
  • Work closely with external advisors to understand, design and implement controls.
  • Perform planning/scoping and liaising with auditors and manage related audits.

Qualifications

The ability to communicate effectively at all levels, inside and outside the organization, with technical and non-technical people is key to this role. You must be able to achieve consensus with stakeholders on the 'best' approach in all circumstances, and have the ability to negotiate at management level. You must be able to present information concisely and to clearly identify key issues at management level. This will require a high degree of integrity, competence, and gravitas.

  • Bachelor’s degree required; Bachelor’s degree in Computer Science, Information Security, or a related field is preferred
  • Minimum 5 years’ experience in the field of Information Security, Audit and/or Compliance
  • Minimum 2 years of program management experience is
  • Expert-level knowledge of various security frameworks and the ability to determine measures that will satisfy controls, design controls and determine solutions that will address control requirements across current and future frameworks.
  • Expert-level knowledge of the ISO 27001 framework is required. Strong knowledge of one or more additional security frameworks from the following list is also essential for this role (NIST 800-53, CIS Critical Controls, HIPAA, HITRUST, PCI, UK Cyber Essentials, ISO 27701).
  • Information Security Certifications (CISSP (required), CISM, CRISC, CCSP) and/or other related security certification
  • Privacy Certifications (CIPP, HCISPP) and/or other privacy certification, ITIL or PMP Certification

Additional Information

Travel

  • International: Possible
  • % Travel: No