Associate Director, Regulatory Risk, Compliance & Accreditation at Feminist Majority Foundation

Date: 6 hours ago
City: Arlington, VA
Contract type: Full time

Planned Parenthood is the nation’s leading provider and advocate of high-quality, affordable sexual and

reproductive health care for all people, as well as the nation’s largest provider of sex education. Planned

Parenthood organizations serve all people with care and compassion, with respect, and without judgment,

striving to create equitable access to health care. Through health centers, programs in schools and

communities, and online resources, Planned Parenthood is a trusted source of reliable education and

information that allows people to make informed health decisions. We do all this because we care

passionately about helping people lead healthier lives.

Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the

independently incorporated Planned Parenthood affiliates, which operate non-profit health centers across

the U.S. PPFA also works to educate the public on and advocate for issues of sexual and reproductive

health. Formed as the advocacy and political arm of Planned Parenthood Federation of America, Planned

Parenthood Action Fund is a separate non-profit membership organization tax-exempt under section

501(c)(4). The Action Fund engages in educational, advocacy, and limited electoral activity, including

grassroots organizing, legislative advocacy, and voter education in furtherance of the Planned Parenthood

mission.

Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a dynamic

and effective Associate Director, Regulatory Risk, Compliance & Accreditation. This job reports to the Director, Information Security, Risk & Compliance in the Information Security department of PPFA. The

Office of Information Security provides the strategy and implementation of the information security program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors, and staff.

Purpose

The Associate Director will serve as an Information Security & Technology (IS&T) Program Expert

and Accreditor for the PPFA Accreditation & Certification Program, which works to assess and

manage risks across the federation through routine evaluation of its affiliate and ancillary

organizations.

The Associate Director is also responsible for PCI DSS compliance activities across

the federation, which ensures that relevant internal controls are assessed and meet established

information security, regulatory, operational, and reporting policies, regulations, and guidelines,

while also providing support to the Third Party Risk Management (TPRM) Program, as needed.

Engagement

The Associate Director will be part of the HIPAA, Risk & Compliance team.

This role will engage with the Information Security team, team members across the broader TSS division, the Accreditation &Evaluation Department (AED) team, Development, Finance, Office of the General Counsel and third party vendors.

This role will engage with the executive and operational staff within the PPFA National Office, affiliates,

and ancillary organizations.

Delivery

The Associate Director will deliver by evaluating security and technology systems, controls, and

policies of affiliate and ancillary organizations, write reports that interpret assessment results and

enumerate any findings, develop and track corrective actions, and assess efficacy of risk mitigation

activities performed by the affiliate or ancillary organization.

The Associate Director will deliver by

conducting PCI DSS compliance activities utilizing assessment tools to ensure regulatory

compliance and risk management across the federation.

Conducts Accreditation and Certification interviews, risk assessments, and technical analyses

to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber

security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).

Conducts Accreditation and Certification interviews, risk assessments, and technical analyses

to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber

security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).

Conducts Accreditation and Certification interviews, risk assessments, and technical analyses

to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber

security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS)

Uses broad and deep security knowledge and technical evaluation skills to help ensure risks

are appropriately identified, assessed, and documented

Thoroughly reviews documentation, third party assessments, and audit samples for

compliance with IS&T Accreditation criteria and identifies any discrepancies or corrective

actions

Executes IS&T Accreditation processes and activities including attestation review and

technical security control analysis and testing, where applicable, to validate control

effectiveness

Escalates potential high or critical risk Accreditation findings to ensure alignment and

appropriate notification and remediation activities

Weighs risk scope and impact when Identifying and articulating risk outcomes in final reports

and presentations to Accreditation stakeholders

Reviews and assesses corrective action reports to determine effective remediation of

identified Accreditation and PCI DSS risks

Identifies improvements and trends in review operations, criteria, and methodology, and

develops plans and proposals to improve and evolve the IS&T Accreditation

program/requirements over time

Identifies areas of continuous improvement in the evaluation process and criteria, and

adjusts to the evolution of Accreditation operations and requirements

Ensures timely communications and project management of individual Accreditation reviews

and PCI DSS compliance activities

Maintains thorough and organized tracking of Accreditation and PCI DSS requirements,

assessment results, and corrective actions

Support and educate affiliates and ancillary organizations on required PCI DSS compliance

activities

Review and update internal PCI DSS training content, policies, and procedures, as

necessary, for national office staff.

Execute annual PCI DSS self-assessment questionnaires for all payment flows to identify

security and technical deficiencies and collaborate across teams to remediate appropriately.

Finalize and obtain signature for annual PCI DSS AOC.

Facilite required vulnerability scanning of relevant cardholder data environments (CDEs),

which includes running a quarterly scan, identifying security and technical deficiencies,

ensuring appropriate scope, and following up for remediations or documenting exceptions.

Obtain and manage external PCI DSS vendors’ AOCs

Support the PPFA TPRM team, as needed

Communicates professionally and effectively with technical, non-technical, and executive stakeholders

All other duties as assigned

Knowledge, Skills And Abilities (KSAs)

Bachelor’s degree and 5+ years of industry experience is required

Experience with compliance requirements and industry standards (HIPAA Security, PCI DSS,

NIST, CIS, etc.) is required

Current industry certifications, particularly security and/or auditing certifications, a plus

(CISA, CRISC, GSEC, etc.)

Understanding of Information Security, Risk and Compliance

Minimum of 2 years of experience in governance, risk, and compliance (GRC), assessing,

auditing, accreditation, and evaluating or implementing IT and information security controls,

including experience reviewing information security systems, policies, processes, technology

environments, internal control frameworks, compliance requirements, and audit programs.

A deep understanding of IT and information security environments and administration

Strong written and verbal communication, including technical and non-technical writing skills

Strong attention to detail and analytical skills

Ability to balance firm adherence to security practices and flexibility in a fast-paced and

continuously changing environment

Ability to maintain neutrality and fairness in the review process, and avoid or raise any

possible bias

Knowledge of security technologies (security tools, networking, device protections,

encryption, data protection, identity and access management, etc.)

Commitment and track record of advancing racial equity in both operations and

communications.

High proficiency in Google products

Flexibility and ability to adapt to quickly changing priorities and ambiguous situations

Salary: $125,000 – $130,000 a year

Travel: 0-10%, domestic travel, as needed

Planned Parenthood’s cultural ethos, “In This Together”, reflects our commitment to building a

workplace culture that fosters belonging, promotes learning throughout the employee lifecycle, and

recognizes individual contributions to our mission.

Planned Parenthood Federation of America participates in the E-Verify program. Planned

Parenthood Federation of America is an equal employment opportunity employer and is committed

to maintaining a non-discriminatory work environment, and does not discriminate against any

employee or applicant for employment on the basis of race, color, religion, sex, national origin, age,

disability, veteran status, marital status, sexual orientation, gender identity, or any other

characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic

work environment that values diversity and inclusion, respect and integrity, customer focus, and

innovation.

Browse All Jobs in This State

Explore full job listings for the area:: Jobs in Arlington | Jobs in Virginia

You May Also Be Interested In

Find other job listings similar to this one: