IT Compliance & Risk Lead
Nuvia MSO, LLC Brand · Saint George, Utah, US
Job description
Pay: $120,000 per year

Key Responsibilities: The following areas define day-to-day ownership and decision rights for this role.

- Compliance Program Ownership: Own HIPAA and PCI-DSS compliance end-to-end. Run audit cycles, manage evidence collection, and maintain control narratives. Track applicable state privacy and breach notification laws (e.g., CCPA/CPRA, NY SHIELD) and manage SOC 2 obligations as the business expands.
- Policy & Governance: Develop, maintain, and enforce IT policies, standards, and procedures aligned to NIST CSF, the HIPAA Security Rule, and PCI-DSS. Translate framework requirements into practical, operational controls.
- Risk Management: Maintain the enterprise risk register. Conduct regular risk assessments, prioritize threats, track remediation, and report risk posture to leadership on a defined cadence.
- SOC Partner Oversight: Manage the relationship with Nuvia’s managed SOC partner. Review and route alerts, validate that remediations close the loop, and ensure SOC reporting feeds the compliance program and audit evidence.
- Vulnerability & Patch Oversight: Track vulnerabilities surfaced by the SOC and internal scans. Drive remediation to closure within...