The Regulatory Specialist is responsible for identifying and implementing the process changes necessary to maintain ISO 27001 and SOC 2 Type 2 certifications. The Regulatory Specialist will assist in proactively identifying possible security and privacy concerns and inadequate systems that can negatively impact patient and customer satisfaction. The Regulatory Specialist is also responsible for leading improvement initiatives based on their findings.
- Understand and remain current on applicable InfoSec, PHI and privacy regulations in North America, Europe, Israel and other geographies as required
- Develop and maintain strong working relationships with internal teams, especially InfoSec and Privacy.
- Raise Intelerad privacy and security maturity level
- Maintain up-to-date ISMS procedures and ensure they are being applied.
- In conjunction with InfoSec, lead integration of such SOPs.
- Gain an understanding of normal work process and any gaps that may exist between actual practice and established procedures as per privacy and InfoSec regulations
- Participate in the definition and implementation of any new privacy and security policies, practices and controls.
- In collaboration with the privacy compliance manager, follow up on information security or privacy incidents, and propose improvement solutions to prevent breaches, events and weaknesses
- Coordinate and participate in external and internal ISMS audits (ISO 27001 and SOC 2) and coordinate corrective and preventive actions
- Document outputs of post-marketing surveillance activities related to the uptime of cloud-based solutions, share them with appropriate stakeholders, and follow up on action items raised during these activities
- Collaborate with internal teams to document trends and risks in order to develop, implement and lead initiatives that will improve Intelerad's security and risk profile
- Ensure that documented processes are followed in a consistent, timely and efficient manner
- Act as technical expert on client-based security surveys, and assist in completing them
- Coordinate incident post-mortem and track corrective and preventive actions related to it
- Maintain up-to-date security and privacy training material
- Bachelor's degree in InfoSec, business, quality management or related fields (or equivalent certification)
- Minimum 3 years' experience in information security management system(s)
- Knowledge of ISO 27001 and SOC 2 certification
- Experience in the IT field, software development, medical and/or cloud hosting
- Training in quality management and quality improvement
- Knowledge of MS Office, Google Suite and Visio (or similar workflow tool)
- Strong verbal and written communication skills in English and Hebrew.
- Well-organized and project-oriented