Data Security And Compliance Consultant

1 week ago


Bangalore Karnataka, India Nexifyr Consulting Full time

Job Title: Data Security and Compliance Consultant (Healthcare)
Location: Bangalore, India
Role Type: Contract
Location: Bengaluru

Company overview

We are a US-based, venture-backed Digital Health Company. We enable Health Care Providers (HCP) to capture true Virtual Care Opportunities beyond Telehealth. We enable HCP to provide Proactive and Continuous Care and add new recurring monthly revenue streams without any upfront cost. With our unique distribution and business model, we are seeing fast acceptance and great adaptation with our target customers. We have built unique and industry's first Integrated Hardware, Cloud and AI Technologies based Virtual Care Platforms for the HCP Market. We are a US-focused, post-revenue company with customers in 9 US States and growing fast. We provide an excellent opportunity to innovate and work on cutting-edge product technologies in a very fast-moving, dynamic and empowered environment.

Role Overview

We are seeking an experienced Data Security and Compliance Consultant with deep healthcare domain expertise to assess our current security and privacy posture, close policy and process gaps, and lead us to required certifications. The ideal candidate has led multiple HIPAA, HITRUST, SOC 2 and ISO 27001 readiness engagements, can translate regulations into practical controls, and can drive cross-functional execution in cloud-native environments.

Key Responsibilities

  • Perform comprehensive gap assessments of current policies, procedures and controls against:
      • HIPAA Security, Privacy and Breach Notification Rules; HITECH
      • HITRUST CSF
      • SOC 2 Trust Services Criteria
      • ISO/IEC 27001 and ISO 27002 control guidance
      • NIST CSF and NIST 800-53
      • Applicable privacy laws (e.g., GDPR, CCPA/CPRA) based on business footprint
      • Additional healthcare-relevant regulations as applicable (e.g., ONC Cures Act, 21 CFR Part 11)
  • Build and maintain a control matrix mapping company controls to the above frameworks; define remediation roadmap with owners, budgets and timelines.
  • Lead Security Risk Analysis (SRA) for HIPAA; maintain risk register and drive risk treatment plans; facilitate periodic internal audits.
  • Define, draft and operationalize policies and procedures, including:
      • Information Security, Acceptable Use, Access Control, Encryption, Key Management
      • Data Classification, Handling, DLP
      • Secure SDLC and product security (threat modeling, SAST/DAST, SBOM, third-party components)
      • Cloud security (AWS, Azure, GCP), hardening baselines, logging, monitoring, SIEM
      • Vulnerability and patch management, change management, configuration management
      • Incident Response and Breach Notification (including OCR expectations), tabletop exercises
      • Business Continuity, Disaster Recovery and backup/restore testing
      • Vendor Risk Management (BAAs, DPAs), third-party due diligence and continuous monitoring
      • Mobile, BYOD, MDM, endpoint protection (EDR), asset management
      • Data retention, deletion, de-identification, pseudonymization, data subject rights workflows
  • Create healthcare-specific data maps and inventories:
      • PHI/ePHI flows, HL7 FHIR integrations, EHR connections and interoperability touchpoints
      • Records of processing activities (ROPA) where required
  • Plan and execute certification readiness programs:
      • SOC 2 Type I/II, HITRUST validated assessment, ISO 27001 ISMS implementation and certification
      • Coordinate evidence collection, auditor engagement and remediation closure
  • Recommend and implement GRC tooling for control management and continuous compliance.
  • Drive security awareness and privacy training programs with role-based curricula and policy attestations.
  • Support customer security questionnaires, RFPs and due diligence; serve as SME in client and partner audits.
  • Establish and report KPIs/KRIs (e.g., risk reduction, control coverage, time-to-remediate, audit findings, training completion).

Qualifications

  • 5 years of progressive experience in information security, privacy and compliance, with at least 4 years focused on healthcare environments (providers, payers, digital health, health tech, EHR vendors).
  • Proven track record leading HIPAA, HITRUST, SOC 2 and ISO 27001 programs from gap assessment through audit/certification.
  • Strong knowledge of HIPAA, HITECH, HITRUST CSF, SOC 2 TSC, ISO 27001/27002, NIST CSF and 800-53; familiarity with GDPR, CCPA, ONC Cures Act and 21 CFR Part 11 preferred.
  • Hands-on experience in cloud-first architectures and SaaS security: IAM, MFA, SSO, network segmentation, key management, logging, monitoring, SIEM, EDR, MDM.
  • Demonstrated ability to author clear, actionable policies and procedures and build sustainable operational processes.
  • Excellent stakeholder management and communication skills; able to influence engineering, product, legal and leadership.
  • Tools familiarity: GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust, Drata, Vanta), SIEM (e.g., Splunk, Sentinel), vulnerability scanners (e.g., Qualys, Nessus), ticketing (Jira), documentation (Confluence), IdP (Okta, Azure AD), MDM (Intune, Jamf).

Preferred Certifications

  • HCISPP, CHPS, CCSFP (HITRUST)
  • CISSP, CISM, CISA
  • ISO 27001 Lead Implementer or Lead Auditor
  • Privacy certifications (e.g., CIPP/US, CIPM)
  • Cloud security certifications (e.g., AWS, Azure Security Specialty)



  • Bangalore, Karnataka, India NTT DATA Full time

    NTT DATA strives to hire exceptional, innovative and passionate individuals who want to grow with us. If you want to be part of an inclusive, adaptable and forward-thinking organization, apply now. We are currently seeking a Sr. SAP Security Consultant to join our team in Bengaluru, Karnataka, India. At NTT DATA we know that with the right people on board anything is...


  • Bangalore, Karnataka, India Excis Compliance Full time

    WE'RE HIRING A NETWORK CONSULTANT AT BANGALORE, INDIA. Excis is a global IT support leader driven by innovation and collaboration. We're looking for a proactive Network Consultant with deep expertise in Cisco Software-Defined Access (SDA) and Software-Defined LAN (SD-LAN) environments. The ideal candidate will lead the design, deployment and optimization of...


  • bangalore, India NMS Consultant Full time

    As a Data Security Analyst, you will champion the security and integrity of our ever-evolving data landscape, focusing on modern domains like DLP and DSPM, empowering classification, protection, and monitoring across cloud and on-prem environments. Key Responsibilities: Data Leak Prevention (DLP): Implement and extend DLP solutions to secure sensitive...



  • bangalore, India [24]7.ai Full time

    Position: Security & Compliance Specialist. Reports to: Manager InfoSec, GRC. Department: Information Security (InfoSec). Location: Bangalore. Work Mode: Hybrid. Key Responsibilities: This role oversees the development, evaluation and implementation of governance, risk and compliance. This role provides operational and conformance checking of information security...


  • bangalore, India Skyhigh Security Full time

    About Skyhigh Security: Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. We value learning at our core, underpinned by openness and transparency. Since 2011, organizations have trusted us to provide them with a...



  • bangalore, India Independent Consultant Full time

    Requirement for my client - Company Vishwaksena Consulting Website. Location - Bengaluru, Tumkur Road, Dasarahalli Metro Station Experience - 2- 4 years (Post Intermediate/Articleship experience preferred) About Vishwaksena Consulting Vishwaksena Consulting empowers investment funds, primarily small and mid-sized SEBI-registered Category II Alternate...



  • Bangalore, India Skyhigh Security Full time

    About Skyhigh Security: Skyhigh Security is a dynamic, fast-paced, cloud company that is a leader in the security industry. Our mission is to protect the world’s data, and because of this, we live and breathe security. Since 2011, organizations have trusted us to provide them with a complete, market-leading security platform built on a modern cloud stack....