Associate Director, Regulatory Risk, Compliance & Accreditation @Planned Parenthood Federation of America
Compliance
Salary $125,000 - $130..
Remote Location
๐Ÿ‡บ๐Ÿ‡ธ USA Only
Employment Type full-time
Posted 2d ago

[Hiring] Associate Director, Regulatory Risk, Compliance & Accreditation @Planned Parenthood Federation of America

2d ago - Planned Parenthood Federation of America is hiring a remote Associate Director, Regulatory Risk, Compliance & Accreditation. ๐Ÿ’ธ Salary: $125,000 - $130,000 a year ๐Ÿ“Location: USA

Role Description

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a dynamic and effective Associate Director, Regulatory Risk, Compliance & Accreditation. This job reports to the Director, Information Security, Risk & Compliance in the Information Security department of PPFA. The Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.

The Associate Director will serve as an Information Security & Technology (IS&T) Program Expert and Accreditor for the PPFA Accreditation & Certification Program, which works to assess and manage risks across the federation through routine evaluation of its affiliate and ancillary organizations.

The Associate Director is also responsible for PCI DSS compliance activities across the federation, ensuring that relevant internal controls are assessed and meet established information security, regulatory, operational, and reporting policies, regulations, and guidelines, while also providing support to the Third Party Risk Management (TPRM) Program, as needed.

Engagement

  • Part of the HIPAA, Risk & Compliance team.
  • Engage with the Information Security team, team members across the broader TSS division, the Accreditation & Evaluation Department (AED) team, Development, Finance, Office of the General Counsel, and third-party vendors.
  • Engage with the executive and operational staff within the PPFA National Office, affiliates, and ancillary organizations.

Delivery

  • Evaluate security and technology systems, controls, and policies of affiliate and ancillary organizations.
  • Write reports that interpret assessment results and enumerate any findings.
  • Develop and track corrective actions, and assess efficacy of risk mitigation activities performed by the affiliate or ancillary organization.
  • Conduct PCI DSS compliance activities utilizing assessment tools to ensure regulatory compliance and risk management across the federation.
  • Conduct Accreditation and Certification interviews, risk assessments, and technical analyses to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).
  • Use broad and deep security knowledge and technical evaluation skills to help ensure risks are appropriately identified, assessed, and documented.
  • Thoroughly review documentation, third-party assessments, and audit samples for compliance with IS&T Accreditation criteria and identify any discrepancies or corrective actions.
  • Execute IS&T Accreditation processes and activities including attestation review and technical security control analysis and testing, where applicable, to validate control effectiveness.
  • Escalate potential high or critical risk Accreditation findings to ensure alignment and appropriate notification and remediation activities.
  • Weigh risk scope and impact when identifying and articulating risk outcomes in final reports and presentations to Accreditation stakeholders.
  • Review and assess corrective action reports to determine effective remediation of identified Accreditation and PCI DSS risks.
  • Identify improvements and trends in review operations, criteria, and methodology, and develop plans and proposals to improve and evolve the IS&T Accreditation program/requirements over time.
  • Ensure timely communications and project management of individual Accreditation reviews and PCI DSS compliance activities.
  • Maintain thorough and organized tracking of Accreditation and PCI DSS requirements, assessment results, and corrective actions.
  • Support and educate affiliates and ancillary organizations on required PCI DSS compliance activities.
  • Review and update internal PCI DSS training content, policies, and procedures, as necessary, for national office staff.
  • Execute annual PCI DSS self-assessment questionnaires for all payment flows to identify security and technical deficiencies and collaborate across teams to remediate appropriately.
  • Finalize and obtain signature for annual PCI DSS AOC.
  • Facilitate required vulnerability scanning of relevant cardholder data environments (CDEs), which includes running a quarterly scan, identifying security and technical deficiencies, ensuring appropriate scope, and following up for remediations or documenting exceptions.
  • Obtain and manage external PCI DSS vendorsโ€™ AOCs.
  • Support the PPFA TPRM team, as needed.
  • Communicate professionally and effectively with technical, non-technical, and executive stakeholders.
  • All other duties as assigned.

Qualifications

  • Bachelorโ€™s degree and 5+ years of industry experience is required.
  • Experience with compliance requirements and industry standards (HIPAA Security, PCI DSS, NIST, CIS, etc.) is required.
  • Current industry certifications, particularly security and/or auditing certifications, a plus (CISA, CRISC, GSEC, etc.).
  • Understanding of Information Security, Risk and Compliance.
  • Minimum of 2 years of experience in governance, risk, and compliance (GRC), assessing, auditing, accreditation, and evaluating or implementing IT and information security controls.
  • A deep understanding of IT and information security environments and administration.
  • Strong written and verbal communication, including technical and non-technical writing skills.
  • Strong attention to detail and analytical skills.
  • Ability to balance firm adherence to security practices and flexibility in a fast-paced and continuously changing environment.
  • Ability to maintain neutrality and fairness in the review process, and avoid or raise any possible bias.
  • Knowledge of security technologies (security tools, networking, device protections, encryption, data protection, identity and access management, etc.).
  • Commitment and track record of advancing racial equity in both operations and communications.
  • High proficiency in Google products.
  • Flexibility and ability to adapt to quickly changing priorities and ambiguous situations.

Benefits

  • $125,000 - $130,000 a year.
  • Travel: 0-10%, domestic travel, as needed.
Before You Apply
๏ธ
๐Ÿ‡บ๐Ÿ‡ธ Be aware of the location restriction for this remote position: USA Only
โ€ผ Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more.
Associate Director, Regulatory Risk, Compliance & Accreditation @Planned Parenthood Federation of America
Compliance
Salary $125,000 - $130..
Remote Location
๐Ÿ‡บ๐Ÿ‡ธ USA Only
Employment Type full-time
Posted 2d ago
Apply for this position
Did not apply โœ“
Applied โœ“
Sent Follow-Up โœ“
Interview Scheduled โœ“
Interview Completed โœ“
Offer Accepted โœ“
Offer Declined โœ“
Application Denied โœ“
Unlock 135,000+ Remote Jobs
๏ธ
๐Ÿ‡บ๐Ÿ‡ธ Be aware of the location restriction for this remote position: USA Only
โ€ผ Beware of scams! When applying for jobs, you should NEVER have to pay anything. Learn more.
Apply for this position
Did not apply โœ“
Applied โœ“
Sent Follow-Up โœ“
Interview Scheduled โœ“
Interview Completed โœ“
Offer Accepted โœ“
Offer Declined โœ“
Application Denied โœ“
Unlock 135,000+ Remote Jobs
ร—

Apply to the best remote jobs
before everyone else

Access 135,000+ vetted remote jobs and get daily alerts.

4.9 โ˜…โ˜…โ˜…โ˜…โ˜… from 500+ reviews
Unlock All Jobs Now

Maybe later