Cybersecurity Compliance Specialist

US Anesthesia Partners is the highest-quality single-specialty anesthesia practice in the United States, with over 5,000 employees distributed across 12 states. Our clinical and non-clinical staff support each other as they work toward a common vision: Empowering people to advance exceptional care.

The Cybersecurity Compliance Specialist is responsible for developing, assessing, and tracking cybersecurity policies, procedures, and controls to ensure compliance with relevant regulations and standards. This role involves collaborating with internal stakeholders across various departments to assess, monitor, and mitigate cybersecurity risks.

• Develops and maintains cybersecurity governance, risk management, policies, procedures, and standards in compliance with regulatory requirements (e.g. HIPAA, PCI DSS) and industry best practices (e.g., NIST Cybersecurity Framework, ISO/IEC 27001, HITRUST).
• Conducts regular risk assessments to identify cybersecurity vulnerabilities and gaps in compliance.
• Coordinates and facilitates audits, assessments, and compliance reviews conducted by external auditors or regulatory agencies.
• Monitors changes in regulatory requirements and industry standards and ensure that cybersecurity programs are updated accordingly.
• Monitors and reports on key performance indicators (KPIs) and metrics related to governance, risk, and compliance activities to senior management and stakeholders.
• Collaborates with internal stakeholders to implement cybersecurity controls and measures to mitigate identified risks.
• Provides guidance and support to business units on cybersecurity compliance matters.
• Develops and delivers cybersecurity training and awareness programs for employees.
• Maintains Third Party Risk Management program to include performing risk assessments of new and existing vendors and communicates results of assessments to stakeholders.
• Participates in incident response activities, including investigating security breaches and implementing corrective actions.
• Prepares and maintain documentation related to cybersecurity compliance efforts, including policies, procedures, and audit reports.
• Stays informed about regulations, frameworks, emerging cybersecurity threats, trends, and technologies to continuously improve the organization's cybersecurity posture.

• 8 years of combined experience and education (Ex. 4-year degree and 4 years of experience, or any combination of the two).
• Professional certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems (CRISC), or Certified Information Systems Auditor (CISA).
• In-depth knowledge of cybersecurity regulations, standards, and frameworks (e.g. HIPAA, HITRUST, PCI DSS, NIST Cybersecurity Framework, ISO/IEC 27001).
• Experience conducting risk assessments, audits, and compliance reviews.
• Strong analytical and problem-solving skills.
• Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
• Ability to work independently and manage multiple priorities in a fast-paced environment.
• Familiarity with Governance, Risk, and Compliance (GRC) tools.
• Familiarity with cybersecurity tools and technologies used for monitoring, detection, and prevention.

*The physical demands described here are representative of those that may need to be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

• Occasional Standing

• Occasional Walking

• Frequent Sitting

• Frequent hand, finger movement

• Use office equipment (in office or remote)

• Communicate verbally and in writing