IT Compliance Manager - 32826

University of Cambridge

Aurora, CO

Job posting number: #7224567

Posted: March 4, 2024

Application Deadline: Open Until Filled

Job Description

Job Summary:

Does this describe you?

Does leading a diverse team of dedicated, skilled compliance professionals excite you? Do you thrive in a fast-paced work environment? Are you a strategic thinker who values culture and continual learning? Would it be exciting for you to make a difference in an organization whose missions include transforming lives, uplifting communities, improving healthcare, and creating breakthroughs in medical research? We are looking for a dynamic inclusive leader to manage our IT Risk and Compliance team, with a focus on reducing university risk and ensuring campus compliance with regulatory requirements such as HIPAA, FERPA, PCI and FISMA. If you think you have what it takes to lead this team, we want to know more about YOU!

Planning and Strategic Support 50%

Manages the university IT compliance program to ensure regulatory, legislative, and university compliance
Delivers and drives IT compliance projects and initiatives
Establishes and maintains a monitoring framework to track and report on the university’s IT compliance status
Develops policies, standards, and procedures that enable effective, efficient, and compliant services
Collaborates with legal, the Office of Regulatory Compliance, and other university units to ensure that the IT compliance program aligns with organizational compliance requirements
Prepares the annual operating plan, budget, and roadmap for IT compliance
Stays current with changes in healthcare IT regulations, laws, and industry best practices
Operations and Supervision 50%

Assists with performing risk assessments of IT systems and services; supports development of standards and security controls for different classifications of IT systems, collaborates with IT security to guide the creation of System Security Plans.
Supervises the Risk and Compliance Team, recruits new team members, establishes performance goals, enables professional development, conducts evaluations of team members, and manages team operations and productivity
Manages the PCI compliance program to ensure that merchants meet PCI-DSS requirements and manages the annual PCI Self-Assessment Questionnaire process
Prepares and monitors the IT compliance risk register, reports on the status of the IT compliance program and establishes performance and service metrics
Develops and delivers IT compliance training and awareness programs for university employees
Analyzes contracts for IT compliance, security, and regulatory compliance
Monitors and tracks IT audit compliance
Work Location:

Hybrid/Remote - This position is eligible for a hybrid work environment. ISIC strives for a high-flex work environment, meaning although this role can predominately be executed effectively with a remote schedule, there may be instances where in-person meetings and/or activities are needed. There is no minimum or prescribed in-person requirement. The work schedule will be based around core working hours in Colorado Mountain Time. A fully-remote option will be considered for highly qualified applicants and applicants must reside within the United States.

Why Join Us:

Information Security and IT Compliance (ISIC) is a subdivision of

Information Strategy and Services (ISS). In ISS we emphasize six key principles that connect our teams and ensure our success:

Curiosity- Explore beyond our own experience.
Compassion- Be empathetic to understand our customer and community needs.
Collaboration- Partner well beyond our space.
Commitment- Be dedicated to service excellence and follow-through.
Competence- Know our craft and be committed to continuous improvement and learning.
Confidence- Be empowered and assured to represent our customers and their needs.
The mission of the Information Security and IT Compliance division (ISIC) is to deliver information security and IT compliance programs that support the academic, administrative, clinical, research, and strategic goals of CU Anschutz Medical Campus and CU Denver. ISIC is in a unique position to be able to support the missions of two of Colorado’s most innovative campuses. The CU Anschutz Medical Campus strives to improve humanity by preventing illness, saving lives, educating health professionals and scientists, advancing science, and serving the community. The CU Denver Campus has a vision to build a radically inclusive model for higher education based on the simple idea that everyone deserves access to an excellent education and a fulfilled life of their design.

In ISIC we value our team members and strive to achieve work life balance, inclusivity, and a FUN working environment. We believe diverse teams are more innovative and make better decisions! In ISIC, we strive to create a workplace where team members feel heard, valued, and have a sense of belonging. We encourage applications from women, ethnic minorities, persons with disabilities and veterans. We are committed to diversity and equity in education and employment.

Click here to find out more about ISS’s Culture and click HERE to view testimonials from ISS Employees about why they enjoy working for ISS!

Diversity and Equity:

The University of Colorado Anschutz Medical Campus is committed to recruiting and supporting a diverse student body, faculty and administrative staff. The university strives to promote a culture of inclusiveness, respect, communication and understanding. We encourage applications from women, ethnic minorities, persons with disabilities, persons within the LGBTQ+ community and all veterans. The University of Colorado is committed to diversity and equality in education and employment.


Minimum Qualifications:


BA or BS in Computer Science, Computer Information Systems, IT Security, business, or closely related field.

Work experience in the occupational field or specialized subject area of the work assigned to the job may be substituted on a year-for-year basis for the degree.

2 or more years of supervisory experience
2 years’ experience with HIPAA security
4 years of progressive experience in information technology and/or compliance
Preferred Qualifications:

Experience with creating and/or managing a HIPAA security program
CISSP, HCISPP, GIAC (GSEC, GCIH, GCIA, GPEN) or other security certifications
Experience with security policy and standards development
Experience with establishing and maintaining a PCI compliance program
Experience working in higher education

Apply Now

Please mention to the employer that you saw this ad on