About this Associate Director, Regulatory Risk, Compliance & Accreditation role at Ppfa
reproductive health care for all people, as well as the nation’s largest provider of sex education. Planned
Parenthood organizations serve all people with care and compassion, with respect, and without judgment,
striving to create equitable access to health care. Through health centers, programs in schools and
communities, and online resources, Planned Parenthood is a trusted source of reliable education and
information that allows people to make informed health decisions. We do all this because we care
passionately about helping people lead healthier lives.
Planned Parenthood Federation of America (PPFA) is a 501(c)(3) charitable organization that supports the
independently incorporated Planned Parenthood affiliates, which operate non-profit health centers across
the U.S. PPFA also works to educate the public on and advocate for issues of sexual and reproductive
health. Formed as the advocacy and political arm of Planned Parenthood Federation of America, Planned
Parenthood Action Fund is a separate non-profit membership organization tax-exempt under section
501(c)(4). The Action Fund engages in educational, advocacy, and limited electoral activity, including
grassroots organizing, legislative advocacy, and voter education in furtherance of the Planned Parenthood
mission.
Planned Parenthood Federation of America (PPFA) and Planned Parenthood Action Fund seek a dynamic
and effective Associate Director, Regulatory Risk, Compliance & Accreditation. This job reports to
the Director, Information Security, Risk & Compliance in the Information Security department of PPFA. The
Office of Information Security provides the strategy and implementation of the information security
program that safeguards the data entrusted to Planned Parenthood by its patients, supporters, donors,
and staff.
Purpose:
and Accreditor for the PPFA Accreditation & Certification Program, which works to assess and
manage risks across the federation through routine evaluation of its affiliate and ancillary
organizations.
the federation, which ensures that relevant internal controls are assessed and meet established
information security, regulatory, operational, and reporting policies, regulations, and guidelines,
while also providing support to the Third Party Risk Management (TPRM) Program, as needed.
Engagement:
and ancillary organizations.
Delivery:
policies of affiliate and ancillary organizations, write reports that interpret assessment results and
enumerate any findings, develop and track corrective actions, and assess efficacy of risk mitigation
activities performed by the affiliate or ancillary organization.
conducting PCI DSS compliance activities utilizing assessment tools to ensure regulatory
compliance and risk management across the federation.
to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).
to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS).
to determine areas of risk and non-compliance with defined IS&T criteria aligned to cyber
security frameworks (NIST CSF) and regulatory requirements (HIPAA Security, PCI DSS)
are appropriately identified, assessed, and documented
compliance with IS&T Accreditation criteria and identifies any discrepancies or corrective
actions
technical security control analysis and testing, where applicable, to validate control
effectiveness
appropriate notification and remediation activities
and presentations to Accreditation stakeholders
identified Accreditation and PCI DSS risks
develops plans and proposals to improve and evolve the IS&T Accreditation
program/requirements over time
adjusts to the evolution of Accreditation operations and requirements
and PCI DSS compliance activities
assessment results, and corrective actions
activities
necessary, for national office staff.
security and technical deficiencies and collaborate across teams to remediate appropriately.
which includes running a quarterly scan, identifying security and technical deficiencies,
ensuring appropriate scope, and following up for remediations or documenting exceptions.
Knowledge, Skills and Abilities (KSAs):
NIST, CIS, etc.) is required
(CISA, CRISC, GSEC, etc.)
auditing, accreditation, and evaluating or implementing IT and information security controls,
including experience reviewing information security systems, policies, processes, technology
environments, internal control frameworks, compliance requirements, and audit programs.
continuously changing environment
possible bias
encryption, data protection, identity and access management, etc.)
communications.
Planned Parenthood's cultural ethos, "In This Together", reflects our commitment to building a
workplace culture that fosters belonging, promotes learning throughout the employee lifecycle, and
recognizes individual contributions to our mission.
Planned Parenthood Federation of America participates in the E-Verify program. Planned
Parenthood Federation of America is an equal employment opportunity employer and is committed
to maintaining a non-discriminatory work environment, and does not discriminate against any
employee or applicant for employment on the basis of race, color, religion, sex, national origin, age,
disability, veteran status, marital status, sexual orientation, gender identity, or any other
characteristic protected by applicable law. Planned Parenthood is committed to creating a dynamic
work environment that values diversity and inclusion, respect and integrity, customer focus, and
innovation.