Risk and Compliance Manager

United States Req #2194
Wednesday, August 30, 2023

(US - Remote)

Are you ready for the Most Impactful Work of Your Life?

Signant Health is a global evidence-generation company. We’re helping our customers digitally enable their clinical trial programs, meeting patients where they are, driving change through technology and innovations, and reimagining the path to proof.

Working at Signant Health puts you in the very heart of the world’s most exciting sector - a high-growth, dynamic company in an extraordinary industry.

Where do you fit in?

The Risk and Compliance Manager will manage and evolve our Enterprise Risk Management, Business Continuity, and Non-Quality-Related Assurance activities (i.e., SSAE-18 SOC2, ISO27001, etc.). They will also play an integral role in developing and maturing our enterprise information security awareness and vendor assessment programs.

Roles and Responsibilities

As part of our team, your main responsibilities will be: 

  • Assist the CISO in the ongoing maturity of the enterprise information security program. Ensure policies and SOPs are written, approved, published, and kept up to date.
  • Serve as Functional Lead for the following:
    1. Enterprise Risk Management program:
       i. Develop and drive projects that strengthen and streamline the ability to identify, quantify, and effectively treat risk across the enterprise.
       ii. Perform internal controls-based audits.
       iii. Liaise with internal and external partners to develop strong diligence according to internal risk management and mitigation policies.
       iv. Assess, document, and regularly report risk exposure across the enterprise.
    2. Information Security certification programs:
       i. ISO 27001
       ii. SSAE-18 SOC2
       iii. Etc.
    3. Information Security Awareness program:
       i. Biannual Global Information Security Awareness Trainings.
       ii. Role/Function-Specific Security Awareness Training.
       iii. Administer Biannual Phishing Simulation Campaigns.
    4. Enterprise Business Continuity Program.
  • Represent the Enterprise Risk Management and Information Security program in customer and other third-party audits.

Decision-Making and Influence:

  1. Train and mentor other team members.
  2. Lead and manage the successful review of risk assessment, internal control audit, and information security projects
  3. Maintain documents and records in accordance with best practices and applicable regulations, etc.
  4. Act as SME responding to Information Security and Enterprise Risk Management questions and issues from both internal and external sources.

You’ll need to bring

  1. Distinguished project management, business system analysis, strategic planning, and process documentation skills.
  2. Ability to build positive relationships with internal and external stakeholders
  3. Ability to lead and participate in cross-functional global teams
  4. Ability to work effectively under critical deadlines with multiple tasks simultaneously, lead change and improve processes
  5. Robust written and verbal communication skills and attention to detail
  6. Proven track record and passion for dissecting/solving problems with a fact-based, data-driven, rigorous, and creative approach
  7. Leads multiple tasks, highly visible projects, and timelines with a sense of urgency, ownership, and within the deadline
  8. Robust experience in a combination of compliance management, risk management, and information security.
  9. Experience in developing and executing information security awareness and industry certification programs.
  10. Experience in developing, testing, and maintaining business continuity and/or disaster recovery plans
  11. Knowledge of common information security management frameworks, such as SSAE-18 SOC2, ISO/IEC 27001, HITRUST, and NIST.
  12. Experience developing and administrating Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs).

We’d be thrilled to hear that you also have:

  1. Five+ years of related experience
  2. Bachelor’s Degree required with a focus on Information Security, Risk Management, or Project Management
  3. Information Security and/or Risk Management Certification

And finally, here are the ways of working that will help you succeed at Signant: 

You have a constructive can-do attitude and can adapt quickly to change. 

You’re motivated by working in a fast-growing global company. 

You’re self-driven, active, and want to learn new things continuously. 

We know that everyone has different wants and needs, which is why along with a highly competitive base salary, we support our people and their loved ones with a variety of perks and benefits.

As part of our team, some of the benefits you can expect to receive are:

  • Our Long Term Incentive Plan, which is unique to the industry
  • The flexibility to work remotely
  • Comprehensive health, dental, and vision insurance
  • A competitive retirement plan
  • Generous paid time off

Does this sound like something you’d like to explore? Then we’d love to hear from you!

Please apply below.
We review and respond to every application, so keep an eye on your inbox for our reply.

Please note that Signant does not accept unsolicited resumes from Third Party vendors.


At Signant Health, accepting difference isn’t enough—we celebrate it, we support it, and we nurture it for the benefit of our team members, our clients and our community.  Signant Health is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or veteran status.

Other details

  • Job Family: Legal; Risk & Compliance
  • Job Function: ALG-Legal Generalist/Multidiscipline
  • Pay Type: Salary