PointClickCare is a leading North American healthcare technology platform enabling meaningful care collaboration and real-time patient insights. For over 20 years, the company has been focused on realizing its vision: to help create a world in which providers and plans can confidently deliver frictionless care. Since its inception, PointClickCare has grown exponentially, with over 2,200 employees working to impact millions across North America. Recognized by Forbes as one of the top 100 private cloud companies and acknowledged by Waterstone Human Capital as Canada's Most Admired Corporate Cultures, PointClickCare leads the way in creating cloud-based healthcare software.
At PointClickCare, we offer a wealth of opportunities and a vibrant culture that empowers our employees. Our dynamic environment is the perfect place to advance your career while engaging in meaningful work alongside incredible colleagues. Here, you'll discover a space where your talents can thrive, your career can grow, and your work will have a lasting impact on healthcare across North America. We believe that work becomes profoundly fulfilling when driven by a higher purpose.
Join us and be part of a team that is making a real impact.
To learn more about us, check out Life at PointClickCare and connect with us on Glassdoor and LinkedIn.
Job Summary:
Our company operates different lines of business, each with its own product stack. While the long-term objective is to unify all products under a common framework, individual products currently maintain distinct audit certifications. For example, many products within our Acute & Payer line of business pursue HITRUST certification, with some also undergoing FEDRAMP, whereas products in the Senior Care line focus on SOC 1 and SOC 2 audits.
Although there is significant overlap in controls and the underlying infrastructure, each product also has a unique set of controls specific to its environment and requirements. Therefore, this role requires the ability to handle multiple HITRUST audits for different products, ensuring compliance with their respective control sets.
About the role:
In this role, you will play a critical role in ensuring PointClickCare's adherence to audits, specifically HITRUST, as well as industry standards and regulatory requirements.
Your primary responsibility will be to lead the entire end-to-end HITRUST audit process, including collecting evidence, coordinating with control owners, liaising with external auditors and overseeing all aspects to ensure the successful completion and achievement of audit certifications.
In addition, you will assist in supporting various aspects of the GRC function, including third-party risk management (TPRM), assurance and controls (SOC I & II, FEDRAMP) and risk management, to strengthen our security and compliance frameworks.
Key Responsibilities:
• Lead the HITRUST audit lifecycle for various lines of businesses and products, including coordinating with Auditors, control owners, collecting and reviewing evidence, addressing audit requirements and discrepancies, and ensuring the organization meets all HITRUST audit criteria.
• Review various products to determine audit compliance and advise on product-security requirements in alignment with audit requirements
• Act as the organization's HITRUST expert and advisor, advising other departments on compliance, best practices and process improvements, including providing guidance on aligning internal controls, processes, and procedures with various audit requirements (FEDRAMP, SOC etc.) and ensuring on-going compliance.
• Coordinate and support certain aspects of the TPRM process, including contributing to pre-sales and post-sales discussions, providing organizational information to prospects and customers, and ensuring third-party relationships comply with our compliance standards
• Ensure the organization's on-going compliance with internal policies and external regulations by creating, maintaining and operationalizing policies and procedures, conducting regular internal reviews, and managing related assurance activities.
• Support the risk identification, assessment and mitigation efforts across the organization, ensuring that all key risks are effectively monitored and controlled in alignment with the risk management framework.
Your Key Strengths:
• 5+ years performing or leading HITRUST audits
• CISSP certification or equivalent
• Strong knowledge of NIST SP 800-53 framework
• Expertise in at least 7 out of the 19 HITRUST domain areas, particularly Access Controls, Networking and Application/Code Security.
• Technical product knowledge and hands-on experience with SIEM, Firewall, EDR, Encryption, GRC, Vulnerability Management, DAST/SAST, and LMS solutions.
• Proficient in managing and implementing security controls for both SaaS-based and on-premises systems
• Hands-on experience with at least one GRC tool.
• Hands-on experience with configuration management and control solutions.
• Ability to challenge and advise control owners on their processes and controls, including the ability to engage in productive dialogue to drive improvements.
• Practical knowledge of firewall, switches and router configurations, with the ability to assess and review network security devices and settings
• Strong technical acumen and background, with the ability to engage technical teams on system configurations and control implementation for a secure infrastructure
• Strong familiarity with, or experience in leading additional audits and assessments including but not limited to FEDRAMP, SOC 1, SOC 2 etc.
• Ability to interpret audit requirements (Control Specifications and Requirement Statements) to articulate required controls to environment owners.
$120,000 - $136,000 a year
US: At PointClickCare, base salary is one of the many components that make up our total rewards package. The US base salary range for this position is $120,000 - $136,000 + 12.5% performance bonus and benefits. Our salary ranges are determined by job and level. The range displayed on each job posting reflects the target for new hire salaries for the position across all US locations. Within the range, individual compensation is determined by job-related skills and knowledge, relevant experience including professional and lived experience, and/or work location. Your recruiter can share more information about our total rewards package during the hiring process.
Non-overtime eligible.
#LI-MG1
#LI-Remote
#Texas
PointClickCare Benefits & Perks:
Benefits starting from Day 1!
Retirement Plan Matching
Flexible Paid Time Off
Wellness Support Programs and Resources
Parental & Caregiver Leaves
Fertility & Adoption Support
Continuous Development Support Program
Employee Assistance Program
Allyship and Inclusion Communities
Employee Recognition ... and more!
It is the policy of PointClickCare to ensure equal employment opportunity without discrimination or harassment on the basis of race, religion, national origin, status, age, sex, sexual orientation, gender identity or expression, marital or domestic/civil partnership status, disability, veteran status, genetic information, or any other basis protected by law. PointClickCare welcomes and encourages applications from people with disabilities. Accommodations are available upon request for candidates taking part in all aspects of the selection process. Please contact [redacted] should you require any accommodations.
When you apply for a position, your information is processed and stored with Lever, in accordance with Lever's Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare's human resources team: [redacted]
PointClickCare is committed to Information Security. By applying to this position, if hired, you commit to following our information security policies and procedures and making every effort to secure confidential and/or sensitive information.