
Compliance Manager – Data Security & Loss Prevention (Healthcare Payer)

Remote, USA Full-time Posted 2025-11-02
Location: Remote (U.S. Based)
Job Type: Contract (6 months)

Position Overview:
We’re seeking a seasoned Compliance Manager with deep healthcare-payer expertise to lead our Data Loss Prevention (DLP) and Data Security Posture Management (DSPM) programs. In this hands-on leadership role, you will define strategy, manage a team of specialists, and ensure our data-protection capabilities mature in line with industry best practices and core regulatory requirements.

Key Responsibilities:
• Lead and mentor a team of DLP/DSPM analysts, fostering technical excellence and professional growth.
• Define and execute roadmaps for DLP, DSPM, and Data Level Prevention initiatives.
• Partner with IT, Legal, Risk, Operations, and business stakeholders to align security objectives with organizational goals.
• Oversee design, deployment, and tuning of DLP controls across endpoints, network, and cloud environments.
• Drive DSPM assessments, gap analyses, and remediation plans against frameworks such as NIST CSF and CIS Controls.
• Implement Data Level Prevention controls—encryption, tokenization, masking—to protect PHI at rest and in transit.
• Collaborate with the Security Operations Center (SOC) on data-related alerts and incident response.
• Conduct regular risk assessments, control validations, and tabletop exercises focused on payer workflows (claims, enrollment, utilization management).
• Develop and present executive-level dashboards tracking DLP/DSPM maturity, policy compliance, and key risk indicators.
• Lead internal and external audits; maintain audit readiness and secure leadership sign-off on major security projects.

Required Skills & Qualifications:
• Bachelor's in Information Security, Computer Science, Healthcare Administration, or equivalent experience.
• 7+ years in IT security/compliance, with 5+ years in healthcare payer environments (insurers, TPAs, or health plans).
• 3+ years managing technical security or compliance teams.
• Strong command of security frameworks: NIST CSF, CIS Controls, ISO 27001
• CMS program-integrity requirements as they relate to data protection (e.g., Medicare Advantage & Medicaid Managed Care)
• Excellent leadership, communication, and stakeholder-management skills—able to convey complex risks to executive audiences.
• Certifications highly preferred: CISSP, CISM, CDPSE, HCISPP, or HITRUST Practitioner.
• HIPAA Privacy & Security Rules (including HITECH Act)
• HITRUST CSF requirements and certification processes
• Proven hands-on expertise with DLP solutions (Forcepoint, Symantec, Microsoft Purview), DSPM tooling and cloud security posture management (CSPM), and data classification, encryption, tokenization, and other Data Level Prevention controls.

Preferred Experience:
• Prior involvement in payer core systems (claims adjudication, member enrollment, utilization management).
• Experience integrating DSPM with SecOps and GRC platforms.
• Familiarity with cloud-native environments (AWS, Azure, GCP) and container security.
• NCQA accreditation and HEDIS® data-security standards
• Affordable Care Act mandates (risk adjustment, network adequacy)
• State DOI breach-notification laws and OCR enforcement guidance
• FDA requirements for any Software as a Medical Device (SaMD) components

Why You'll Love This Role:
• Lead & Influence: Shape the strategic direction of data-security programs in a complex, highly regulated industry.
• High Visibility: Regularly present to senior leadership and drive cross-functional security initiatives.
• Professional Growth: Deepen your expertise in healthcare security, compliance, and cutting-edge prevention technologies.

Job Type: Contract
Work Location: Remote
