IT Compliance Sherpa (Remote, USA)

Email: [email protected]
From: shivam rai, adventa tech ([email protected])

Reply to: [email protected]

Position: IT Compliance Sherpa
Location: Remote
Duration: 3 Months (Part Time)
Visa: ANY
MOI: Video

a. Our immediate need is to get our arms around the current state and solve some current challenges with specifics in our process and documentation. Ash has been managing this himself, and doing a great job, but he's at the limits of capacity. It seems like there's lots of short-term work in this phase.

b. There's probably a need for intermittent help in the future.

c. Ideally, within a few months, or a few hundred hours, we will have reached a point where our compliance process is smoother and easier for folks to follow. Additionally, there may be recommendations for improvement in our compliance programs, and then there may be more work as a result of said proposals.

For example: should we consider jumping through the HITRUST compliance hurdles, or is that unnecessary for where we're at? At least we could try to ensure we're generally following the controls for it, or that there is a path toward following them in the event we do want to move forward with this compliance certification in the future. Hopefully a compliance sherpa can consider these questions and make recommendations for us.

Compliance Sherpa

As we have switched compliance auditors from Assure Professional to Thoropass (formerly Hey Laika), there has been a good amount of refactoring of our Policies and Procedures to better sync up with the Thoropass platform. This is meant to more easily match up controls with their P&P in the documentation.

This has resulted in going from a handful of P&Ps to well over 20 policy documents and 20 procedure/process documents. While some effort was made to reduce the clutter of these documents, there needs to be a concerted effort to simplify the Thoropass P&Ps so that things are more efficient and easy for us to follow. Things that are not applicable or irrelevant to should be removed, or replaced by verbiage explaining why these controls may not apply to us.

In summary, someone with compliance experience needs to go through each of the 40+ P&Ps on the Thoropass platform and do the following:

1. Remove repetitive language across ALL of the P&Ps. For example, we do not need to repeat Management Commitment and Roles and Responsibilities in 40+ documents. The same likely goes for Overview and Scope. These statements can be made in an overall parent document, which applies to all P&P documents. Someone needs to create/formulate the primary document with these blanket statements.

2. Consolidate where possible. 20+ policy documents seems completely unnecessary. Consider: can some policies be merged into similar policy documents, making them easier to maintain and review?

3. Coordinate meetings with any and all stakeholders of a given policy and/or procedure to ensure that we are actually doing everything we say we're doing in the policy document. Some bullet items in the policies are taken from templates, and they are irrelevant to what we do at

Further, on the Thoropass platform, this person needs to:

4. Review the 71 Evidence Requests from the 2024 SOC 2 Type 2 audit. Pay particular attention to evidence that was provided in the form of a screenshot or an upload of data (spreadsheet or PDF). Find ways to integrate with the Thoropass platform API so that the evidence in question can be provided automatically to the platform. The entire point of switching to Thoropass was their automation/integration features; it is meant to ease our compliance work.

Further work required.


5. Advocate for necessary compliance enhancements to our product. The initial requests have been made in the form of a Jira ticket/story. However, someone needs to be in the driver's seat to press these sorts of requests forward. This particular, critical compliance function has fallen through the cracks.

6. We need a page on our website dedicated to HIPAA. Currently, we have SOC 2 and GLBA pages, but for our Home Care customers we have nothing in-depth about our HIPAA compliance. The language of this page should be formulated with input from sales and marketing.

Posted: Tue Aug 13 01:15:00 UTC 2024
