Asurion Flashcards
The Technology Audit & Compliance Architect will design and implement programs to ensure compliance with regulatory and contractual requirements and industry standards (to include HIPAA and PCI) for Asurion, globally. Responsibilities include leading security-related technology audits to drive compliance and alignment of technology resources.
As part of our Trust Office team, you will work to ensure that our systems and services are designed, operated, and protected to maintain customer trust and regulatory compliance.
You will partner with stakeholders across Asurion to execute a risk management approach, identify risks, and act as a thought leader who recommends and leads risk mitigation strategies with cross-functional teams across Asurion.
You will work independently with the ability to prioritize workloads, remain flexible, and maintain a strong attention to detail in a fast-paced environment while supporting multiple, simultaneous programs.
Essential duties & responsibilities:
Use your in-depth knowledge of regulatory compliance, IT security, and strong customer skills to act as the subject matter expert to internal technology and operations teams in a Trusted Advisor capacity to assist their understanding of requirements (e.g. HIPAA, PCI, etc.) related to their applications.
Develop the HIPAA compliance program from risk identification to executive reporting.
Conduct and complete proactive HIPAA assessments on behalf of the company to ensure the company’s ability to protect PHI data.
Lead regulatory remediation projects and risk mitigation efforts. Track and manage action plans for remediation of audit findings. Perform analysis and reporting of compliance gaps.
Provide subject matter expertise related to PCI, HIPAA or client security requirements to internal technology and operations teams to ensure Company’s ability to maintain compliance when modifying or implementing applications involving sensitive data.
Implement best-in-class Risk & Compliance Management practices with minimal impact to the business.
Lead Asurion’s response to client audit requests and coordinate collection of audit artifacts.
Monitor issues to provide assurance reporting of how Company is complying with specific country and industry regulatory requirements and the internal control framework in order to maintain a compliant, audit-ready posture.
Coordinate and represent Asurion in negotiations with external auditors.
Train audit participants in audit preparation and response.
Education and/or formal training:
BS/BA in Computer Science or equivalent work experience
Must currently hold one or more of the following security certifications:
- CISSP or CISM
Must currently hold one or more of the following audit certifications:
- CISA, GSNA, IRCA, ISMS Auditor, or Certified ISO 27001 Lead/Internal Auditor
PCI QSA or ISA certification desirable
Here’s what you’ll bring to the team:
5+ years progressive experience in information security or technology audit, including experience with issue resolution and leading teams in a cross-functional setting.
Experience in technology audit, risk analysis, and compliance testing.
Good working knowledge of security regulations and industry best practices.
In-depth knowledge of HIPAA and demonstrated experience with HIPAA program development.
5+ years leading global regulatory compliance efforts (e.g. HIPAA, PCI, SOX, Privacy).
Experience evaluating the design and effectiveness of IT controls.
Knowledge of auditing frameworks and international standards, such as ISO 27001/27002, PCI DSS, HIPAA/HITRUST, SSAE 18, COBIT and ITIL.
Experience or familiarity with governance, risk and compliance (GRC) tools such as ServiceNow.
Strong analytical and problem resolution skills. Exceptional business judgment, with the ability to think strategically and give practical advice by balancing business needs with risks.
Broad and deep technical knowledge across multiple, diverse technical configurations, technologies and processing environments.
Exceptional interpersonal skills in areas such as teamwork, collaboration, facilitation, negotiation, and persuasiveness.
Excellent communication (oral, written, presentation) skills. Ability to communicate effectively at all levels of the organization.
A practiced ability to influence peers, customers and project teams to make security-minded decisions and changes.
Must be self-directed, organized and have excellent time management skills.
Ability to work in a fast-paced, dynamic environment while maintaining high quality output and a positive working relationship with peers and management.
Ability to operate under ambiguous circumstances, address uncomfortable issues, and leverage data to make informed decisions.
Other position considerations:
Required to read and follow all company policies and procedures.
Ability to handle proprietary and sensitive information in a confidential manner.
While the schedule is generally a Monday through Friday daily schedule, this position may require some weekend and evening assignments as well as availability during off-hours for participation in scheduled and unscheduled activities.
May involve travel up to 10% of the time.
Our aim is to continually evolve our privacy program by finding strategies, processes and mechanisms that scale across geographies and our various businesses and functions in a manageable, repeatable way.
Asurion’s privacy team focuses on delivering sound risk management and outputs that demonstrate compliance and accountability.
- “Is the corporation’s compliance program well designed?”
- “Is the program being applied earnestly and in good faith?” In other words, is the program adequately resourced and empowered to function effectively?
- “Does the corporation’s compliance program work” in practice?
Serve as a privacy, compliance, and data protection expert and a primary point of contact for customers and colleagues.
Collaborate with the Privacy Team, Trust Office, legal department, and multiple partners in other business functions to build a resilient, scalable privacy program that works for a fast-growing, innovative company.
Develop a deep understanding of data usage across Asurion products and business functions.
Data Map
HIPAA map
Healthcare data map
Identify legal and operational privacy and data protection concerns and furnish efficient solutions.
HIPAA HITECH GDPR CCPA HR 8?
45 CFR § 164.504 - Uses and disclosures: Organizational requirements.
Our best work enables Asurion to nimbly and confidently adapt to the fast-coming changes in privacy laws around the world. This requires comfort with stepping into complex problems that lack easy “by the book” solutions and finding practical paths forward both legally and operationally.
Work with key business stakeholders to complete Privacy Impact Assessments and other privacy reviews related to products, technologies, and vendors.
Guide product and development teams to ensure that their data collection and usage practices are transparent, protect user privacy, and mitigate risk.
Identify and escalate potential privacy and data protection concerns based upon risk and operational impact.
Engage and support the legal department in negotiation of privacy and data protection-relevant contract terms for both clients and vendors.
Support the Trust Office, security and legal teams in driving effective and risk-minimizing responses to information security events.
Support response to individuals exercising their rights under global data privacy laws.
Facilitate compliance with privacy and data protection laws by Asurion’s global affiliates.
Provide timely and accurate responses to customer and internal queries related to privacy and data protection.
Seek to identify synergies and “force multipliers” with the Data Governance and Audit & Compliance arms of the Trust Office.