Security / Compliance Specialist, Senior- Data Management

Establish, implement, and maintain data protection and compliance frameworks aligned with FISMA, HIPAA Privacy Rule, Common Rule, NIH data-sharing policies, and federal standards.

Lead security risk assessments and vulnerability analyses for the client data systems and public/private portals.

Develop and enforce SOPs for data security, access control, encryption, anonymization, and secure data transfer.

Ensure proper de-identification and anonymization of human subject data prior to public sharing.

Maintain audit trails, version control, and comprehensive security documentation according to DHHS EPLC and OMB guidelines.

Collaborate with internal and external stakeholders (e.g., NIH, ImmPort, CEIRR, Bioinformatics Resource Centers) to ensure interoperability and secure data exchange.

Develop and execute quality control plans, including automated validation, error-checking, and regular QA/QC reports.

Monitor data collection processes to ensure uniformity, accuracy, and compliance across multiple study sites and data contributors.

Generate regular data security and compliance status reports for internal and external review.

Maintain compliance standards for client public and private portals, ensuring secure controlled access and protection of sensitive information.

Oversee security features supporting data browsing, sharing of research products, and public-facing information.

Provide training and consultations to client investigators on security practices, compliance policies, and proper use of DMCC-supported systems.

Develop and maintain manuals, guides, and training materials related to compliance and security.

Support working groups and cross-collaborative teams by providing compliance insights during the development of procedures and resources.

Assist in the preparation of compliance sections for client-related scientific manuscripts and reports.

Bachelor's degree in Information Security, Computer Science, Information Systems, or a related field. Master's degree preferred.

6+ years of hands-on experience in IT security and federal compliance, particularly in a biomedical or clinical research environment.

Relevant certifications such as CISSP, CISA, CISM, or HITRUST preferred.

Experience working with data management platforms such as ImmPort, IEDB, CEIRR, or NIH/academic consortia.

Familiarity with DHHS Enterprise Performance Life Cycle (EPLC) standards.

Experience supporting research consortia, clinical trials, or translational science projects.

Strong working knowledge of HIPAA, FISMA, Common Rule, FAIR principles, and NIH data-sharing guidelines.

Experience with security controls for web-based portals, database systems, and cloud platforms.

Demonstrated ability to conduct security audits, risk assessments, and quality control analyses.

Proficient in creating and maintaining documentation, SOPs, compliance reports, and security plans.

Excellent interpersonal skills and experience providing security training to diverse scientific/technical audiences.

Strong organizational and project management skills.