IT Compliance Manager (Hybrid/Remote)

Updated: 20 days ago
Location: Aurora, Colorado
Job Type: Full-Time

IT Compliance Manager (Hybrid/Remote) - 32826 
University Staff 

Description

 

University of Colorado Anschutz Medical Campus

Department: Information Security and IT Compliance (ISIC)

Job Title:  IT Compliance Manager (Hybrid/Remote)

Position #2161  – Requisition #32826

Job Summary:

Does this describe you?

Does leading a diverse team of dedicated, skilled compliance professionals excite you? Do you thrive in a fast-paced work environment? Are you a strategic thinker who values culture and continual learning? Would it be exciting for you to make a difference in an organization whose missions include transforming lives, uplifting communities, improving healthcare, and creating breakthroughs in medical research? We are looking for a dynamic, inclusive leader to manage our IT Risk and Compliance team, with a focus on reducing university risk and ensuring campus compliance with regulatory requirements such as HIPAA, FERPA, PCI and FISMA. If you think you have what it takes to lead this team, we want to know more about YOU!

Planning and Strategic Support 50%

  • Manages the university IT compliance program to ensure regulatory, legislative, and university compliance
  • Delivers and drives IT compliance projects and initiatives
  • Establishes and maintains a monitoring framework to track and report on the university’s IT compliance status
  • Develops policies, standards, and procedures that enable effective, efficient, and compliant services
  • Collaborates with legal, the Office of Regulatory Compliance, and other university units to ensure that the IT compliance program aligns with organizational compliance requirements
  • Prepares the annual operating plan, budget, and roadmap for IT compliance
  • Stays current with changes in healthcare IT regulations, laws, and industry best practices

Operations and Supervision 50%

  • Assists with performing risk assessments of IT systems and services; supports development of standards and security controls for different classifications of IT systems; collaborates with IT security to guide the creation of System Security Plans
  • Supervises the Risk and Compliance Team, recruits new team members, establishes performance goals, enables professional development, conducts evaluations of team members, and manages team operations and productivity
  • Manages the PCI compliance program to ensure that merchants meet PCI-DSS requirements and manages the annual PCI Self-Assessment Questionnaire process
  • Prepares and monitors the IT compliance risk register, reports on the status of the IT compliance program and establishes performance and service metrics
  • Develops and delivers IT compliance training and awareness programs for university employees
  • Analyzes contracts for IT compliance, security, and regulatory compliance
  • Monitors and tracks IT audit compliance

Work Location:

Hybrid/Remote - This position is eligible for a hybrid work environment. ISIC strives for a high-flex work environment, meaning although this role can predominately be executed effectively with a remote schedule, there may be instances where in-person meetings and/or activities are needed. There is no minimum or prescribed in-person requirement. The work schedule will be based around core working hours in Colorado Mountain Time. A fully-remote option will be considered for highly qualified applicants and applicants must reside within the United States.

Why Join Us:

Information Security and IT Compliance (ISIC) is a subdivision of Information Strategy and Services (ISS). In ISS we emphasize six key principles that connect our teams and ensure our success:

  • Curiosity- Explore beyond our own experience.
  • Compassion- Be empathetic to understand our customer and community needs.
  • Collaboration- Partner well beyond our space.
  • Commitment- Be dedicated to service excellence and follow-through.
  • Competence- Know our craft and be committed to continuous improvement and learning.
  • Confidence- Be empowered and assured to represent our customers and their needs.

The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver.  ISIC is in a unique position to be able to support the missions of two of Colorado’s most innovative campuses.  The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community.  The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.

In ISIC we value our team members and strive to achieve work-life balance, inclusivity, and a FUN working environment. We believe diverse teams are more innovative and make better decisions! In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.


Diversity and Equity:

The University of Colorado Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities, persons within the LGBTQ+ community and all veterans. The University of Colorado is committed to diversity and equality in education and employment.

Qualifications:

Minimum Qualifications:

Education:

  • BA or BS in Computer Science, Computer Information Systems, IT Security, business, or a closely related field.

Substitution:

  • Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.

Experience:

  • 2 or more years of supervisory experience
  • 2 years’ experience with HIPAA security
  • 4 years of progressive experience in information technology and/or compliance

Preferred Qualifications:

  • Experience with creating and/or managing a HIPAA security program
  • CISSP, HCISPP, GIAC (GSEC, GCIH, GCIA, GPEN) or other security certifications
  • Experience with security policy and standards development
  • Experience with establishing and maintaining a PCI compliance program
  • Experience working in higher education

Knowledge, Skills and Abilities:

  • Strong leadership and management skills
  • Customer service and communication skills
  • Excellent organization and time management skills
  • Strong analytical and problem-solving skills
  • Risk assessment skills
  • Policies and standards development
  • Experience interpreting and applying the NIST framework, specifically SP 800-53 and SP 800-171
  • Experience interpreting and applying regulations related to information security and data confidentiality (e.g., FERPA, HIPAA, PCI, FISMA, CMMC)
  • Familiarity with desktop, server, application, database and network technology

How to Apply:

For full consideration, please submit the following document(s):

1. A letter of interest describing relevant job experiences as they relate to listed job qualifications and interest in the position

2. Curriculum vitae / Resume

3. Three to five professional references, including name, address, phone number (mobile number if appropriate), and email address

Questions should be directed to: ISS Human Resources

[email protected]

Screening of Applications Begins:

Immediately and continues until March 14, 2024.

Anticipated Pay Range:

The starting salary range (or hiring range) for this position has been established as $100,000 - $120,000.

The above salary range (or hiring range) represents the University’s good faith and reasonable estimate of the range of possible compensation at the time of posting. This position may be eligible for overtime compensation, depending on the level.

Your total compensation goes beyond the number on your paycheck. The University of Colorado provides generous leave, health plans and retirement contributions that add to your bottom line.

Total Compensation Calculator: http://www.cu.edu/node/153125

ADA Statement:

The University will provide reasonable accommodations to applicants with disabilities throughout the employment application process. To request an accommodation pursuant to the Americans with Disabilities Act, please contact the Human Resources ADA Coordinator at [email protected].

Background Check Statement:

The University of Colorado Anschutz Medical Campus is dedicated to ensuring a safe and secure environment for our faculty, staff, students and visitors. To assist in achieving that goal, we conduct background investigations for all prospective employees.

Vaccination Statement:

CU Anschutz strongly encourages vaccination against the COVID-19 virus and other vaccine-preventable diseases. If you work, visit, or volunteer in healthcare facilities or clinics operated by our affiliated hospital or clinical partners or by CU Anschutz, you will be required to comply with the vaccination and medical surveillance policies of the facilities or clinics where you work, visit, or volunteer, respectively. In addition, if you work in certain research areas or perform certain safety sensitive job duties, you must enroll in the occupational health medical surveillance program.

 
  
Application Materials Required: Cover Letter, Resume/CV, List of References
Job Category: Information Technology
Primary Location: Aurora
Department: U0001 -- Anschutz Med Campus or Denver - 22168 - ADM AVCOIT SC Admin
Schedule: Full-time
Posting Date: Mar 1, 2024
Unposting Date: Ongoing
Posting Contact Name: ISS Human Resources
Posting Contact Email: [email protected]
Position Number: 00002161
