Salcott

Data Compliance & Security Lead

Not specified
  • Astana
  • 3 to 6 years
  • English language
  • Information security
  • Organizational skills
  • Analytical research
  • Risk assessment
  • Liaising with regulatory authorities
  • Business process optimization
  • Civil law
  • Preparing presentations
  • Intellectual property protection
  • Licensing
  • Economic security
  • English — C1 — Advanced
  • Russian — C2 — Proficient

Data Compliance & Security Lead (Part-time / Fractional)

We are looking for a pragmatic Data Compliance & Security Lead who can help us build a lightweight but robust compliance foundation for working with US clients (healthcare and e-commerce). This is not a “policy-only” role — we need someone who can work hands-on with our systems, define practical controls, and gradually bring the company to HIPAA and SOC 2 readiness without overengineering.

WHAT YOU’LL BE DOING

1. Build a practical compliance foundation

  • Define minimum viable security and compliance setup for a distributed team (Kazakhstan, Philippines).
  • Work with our IT/System Admin to ensure:
    • MFA, SSO and device management are enforced
    • access is controlled and auditable
    • data is handled securely

2. Create only the policies we actually need

  • Draft and implement essential policies (not bureaucracy): Information Security, Access Control, Incident Response, Acceptable Use
  • Make sure policies are:
    • understandable
    • actually used (not just stored somewhere)

3. Prepare us for HIPAA

  • Identify where we might touch sensitive data (ePHI)
  • Ensure basic HIPAA requirements are covered: access control, audit logs, vendor agreements (Business Associate Agreements, BAAs)
  • Support a lightweight risk assessment process

4. Set up simple, scalable processes

  • Define:
    • onboarding / offboarding access flows
    • quarterly access review (simple but consistent)
    • incident reporting process
  • Make sure these processes work without constant manual supervision

5. Prepare the company for future SOC 2 (without rushing into audit)

  • Structure controls so we can scale into SOC 2 later
  • Organize documentation and evidence from day one
  • Advise when it actually makes sense to introduce tools like Sprinto

WHO WE’RE LOOKING FOR

  • 2–5 years experience in:
    • data security / compliance / IT governance
  • Hands-on mindset (you’re comfortable going into systems, not just writing docs)
  • Experience with:
    • SaaS tools (Google Workspace / M365 / Slack / CRM)
    • access control & identity management (MFA, SSO)
  • Basic understanding of:
    • HIPAA (must)
    • SOC 2 (nice to have)