Healthcare Assurance Specialist , AWS Compliance & Security Assurance

About The Position

Requirements

• Bachelor's degree or equivalent in Information Security, Computer Science, Risk Management, Engineering, Math, Statistics, or a related discipline, or equivalent technology experience
• Experience in one or more of the following domains: access- control system and methodology, network security, application- and system-development security, security architecture and models, cryptography, and operations security
• Experience creating and delivering written and oral communications for technical and non-technical audiences
• Experience that includes strong analytical skills, attention to detail, and effective communication abilities, or experience in deploying identity and access management systems
• 5+ years of progressive experience in compliance roles, including direct ownership of a HIPAA compliance program at a technology company
• Experience with maintaining HITRUST compliance

Nice To Haves

• Knowledge of AWS or cloud computing
• Experience in auditing, risk management, compliance, program management, or quality management systems
• Experience working with a matrixed team of stakeholders to achieve a common goal or equivalent
• Experience mentoring, coaching, and influencing colleagues, collaborators, and stakeholders
• Professional certifications such as Certified in Healthcare Privacy Compliance (CHPC), Certified in Healthcare Information Security and Privacy Practitioner (HCISPP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or equivalent
• Experience working with cloud service providers or technology companies serving healthcare customers
• Knowledge of related healthcare regulations including HITECH Act, 21 CFR Part 11, and state privacy laws
• Experience with regulatory examinations, audits, or enforcement actions
• Experience implementing or significantly contributing to compliance automation or GRC tooling integrations

Responsibilities

• Conduct, document, and manage internal HIPAA compliance audits to identify vulnerabilities across AWS services and infrastructure.
• Develop risk assessment frameworks that evaluate technical controls, administrative safeguards, and physical security measures against both HIPAA requirements and the HITRUST Common Security Framework (HITRUST CSF).
• Partner with internal stakeholders to ensure audit findings are remediated effectively, and control environments remain robust.
• Leverage HITRUST-certified AWS services and inherit AWS certifications for applicable controls under the HITRUST Shared Responsibility Matrix (SRM) to design and implement AWS environments that support customer compliance obligations.
• Map customer-specific control responsibilities to the HITRUST SRM to ensure clear accountability for inherited AWS controls versus customer-managed controls, enabling customers to build HIPAA-compliant architectures that meet HITRUST CSF requirements while optimizing their certification timelines and audit scope.
• Partner with the HIPAA Security Official to oversee AWS's compliance with all requirements of the HIPAA Security Rule.
• Partner with AWS service teams, security architects, and compliance stakeholders to embed HIPAA requirements into product development lifecycles.
• Provide regulatory guidance during service launches, feature releases, and infrastructure changes that impact healthcare customers.
• Design and deliver comprehensive training programs that educate AWS employees, service teams, and customer-facing personnel on patient privacy obligations and data security best practices.

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave
• sign-on payments
• restricted stock units (RSUs)