Job Description

About the job GRC (Governance, Risk, and Compliance) SpecialistEyeCarePro is seeking a highly skilled GRC Specialist to lead our policies and procedures, ensuring governance, risk management, and compliance across our organization. As a leader in digital marketing solutions for eye care professionals, we require a compliance expert to guide the implementation of security strategies, maintain regulatory adherence, and foster continuous improvement in security and privacy practices specific to the healthcare and digital marketing industries.Key Responsibilities:Compliance Implementation & Risk Management:

• Lead the development and enforcement of compliance policies and procedures tailored to the needs of EyeCarePro.
• Ensure the organization meets regulatory requirements, including HIPAA, ISO 27001, and NIST, particularly in handling sensitive patient data for eye care professionals.
• Create and maintain risk assessment documentation, including Disaster Recovery Plans.
• Identify vulnerabilities, assess risks, and implement mitigation strategies.

ISO 27001 & Security Frameworks:

• Develop, implement, and manage an Information Security Management System (ISMS) aligned with ISO 27001.
• Oversee certification processes and ensure ongoing compliance with healthcare marketing and data privacy standards.
• Draft and implement security and privacy policies in alignment with best practices for EyeCarePros digital platforms.

HIPAA & Healthcare Compliance:

• Ensure compliance with HIPAA regulations, including the Privacy Rule, Security Rule, and Breach Notification Rule, as they relate to EyeCarePros services for eye care professionals.
• Implement business associate compliance solutions and security frameworks to protect sensitive patient and client data.

Auditing & Continuous Improvement:

• Conduct internal audits and maintain comprehensive compliance documentation.
• Drive continuous improvement in security and compliance practices to enhance the safety and trustworthiness of EyeCarePros services.

Security Awareness & Training:

• Educate employees on security policies and best practices specific to handling healthcare-related data.
• Foster a culture of compliance and vigilance throughout the organization.

Preferred Qualifications & Experience:

• Proven experience in governance, risk, and compliance, including ISO 27001 implementation.
• Strong understanding of HIPAA regulations and healthcare data compliance requirements.
• Familiarity with EHNAC standards; direct accreditation experience is a plus.
• Expertise in risk assessment and mitigation strategies.
• Experience conducting internal audits and managing compliance-related projects.
• Strong communication and training skills.

Preferred Certifications:

• ISO 27001 Lead Implementer or Auditor
• CISSP, CISM, or CIPP/US

Desirable Skills:

• Familiarity with security frameworks such as NIST.
• Experience with security tools for compliance and risk management.
• Understanding of digital marketing compliance in healthcare settings.

This is a fully remote position with working hours from 9 AM - 5 PM EST.

EyeCarePro