Compliance Manager – Data Security & Loss Prevention (Healthcare Payer)
Location: Remote (U.S. Based)
Job Type: Contract (6 months)
Position Overview:
We’re seeking a seasoned Compliance Manager with deep healthcare-payer expertise to lead our Data Loss Prevention (DLP) and Data Security Posture Management (DSPM) programs. In this hands-on leadership role, you will define strategy, manage a team of specialists, and ensure our data-protection capabilities mature in line with industry’s best practices and core regulatory requirements.
Key Responsibilities:
- Lead and mentor a team of DLP/DSPM analysts, fostering technical excellence and professional growth.
- Define and execute roadmaps for DLP, DSPM, and Data Level Prevention initiatives.
- Partner with IT, Legal, Risk, Operations, and business stakeholders to align security objectives with organizational goals.
- Oversee design, deployment, and tuning of DLP controls across endpoints, network, and cloud environments.
- Drive DSPM assessments, gap analyses, and remediation plans against frameworks such as NIST CSF and CIS Controls.
- Implement Data Level Prevention controls—encryption, tokenization, masking—to protect PHI at rest and in transit.
- Collaborate with the Security Operations Center (SOC) on data-related alerts and incident response.
- Conduct regular risk assessments, control validations, and tabletop exercises focused on payer workflows (claims, enrollment, utilization management).
- Develop and present executive-level dashboards tracking DLP/DSPM maturity, policy compliance, and key risk indicators.
- Lead internal and external audits; maintain audit readiness and secure leadership sign-off on major security projects.
Required Skills & Qualifications:
- Bachelor's degree in Information Security, Computer Science, Healthcare Administration, or equivalent experience.
- 7+ years in IT security/compliance, with 5+ years in healthcare payer environments (insurers, TPAs, or health plans).
- 3+ years managing technical security or compliance teams.
- Strong command of security frameworks: NIST CSF, CIS Controls, ISO 27001.
- CMS program-integrity requirements as they relate to data protection (e.g., Medicare Advantage & Medicaid Managed Care).
- Excellent leadership, communication, and stakeholder-management skills—able to convey complex risks to executive audiences.
- Certifications highly preferred: CISSP, CISM, CDPSE, HCISPP, or HITRUST Practitioner.
- HIPAA Privacy & Security Rules (including the HITECH Act).
- HITRUST CSF requirements and certification processes.
- Proven hands-on expertise with DLP solutions (Forcepoint, Symantec, Microsoft Purview), DSPM tooling and cloud security posture management (CSPM), and data classification, encryption, tokenization, and other Data Level Prevention controls.
Preferred Experience:
- Prior involvement in payer core systems (claims adjudication, member enrollment, utilization management).
- Experience integrating DSPM with SecOps and GRC platforms.
- Familiarity with cloud-native environments (AWS, Azure, GCP) and container security.
- NCQA accreditation and HEDIS® data-security standards.
- Affordable Care Act mandates (risk adjustment, network adequacy).
- State DOI breach-notification laws and OCR enforcement guidance.
- FDA requirements for any Software as a Medical Device (SaMD) components.
Why You'll Love This Role:
- Lead & Influence: Shape the strategic direction of data-security programs in a complex, highly regulated industry.
- High Visibility: Regularly present to senior leadership and drive cross-functional security initiatives.
- Professional Growth: Deepen your expertise in healthcare security, compliance, and cutting-edge prevention technologies.