Information Security Compliance Analyst
About The Position
Join us in creating a better way! At eHealth, our mission is to expertly guide consumers through their health insurance and related options when, where, and how they prefer. We’re creating a better way – one that’s transparent and trustworthy for both our consumers externally and our employees internally. Move your career forward while connecting countless people to the life- changing, quality care they deserve. Our diverse team of innovators supports one another in solving some of the toughest challenges. We’re always on the lookout for creative opportunities to do right by our customers, and each other. Together, we’re creating a better way to work, united by our common passion to make a difference. eHealth is America’s first and largest private online marketplace for health insurance, which allows individuals, families, and small businesses to compare insurance options side by side and enroll in coverage. Our mission is to help everyone find affordable Healthcare coverage through our website technology, consumer advocacy, and personalized customer assistance. The company has continued to evolve into an effective Expedia equivalent in the health care space. The increasing confidence that analysts and shareholders are demonstrating by our record share price is a testimony to our position in the health care market. Building a high-performance culture is critical for eHealth to continue on our path of intelligent and rapid growth and to win with our customers. We’re looking for a versatile Governance, Risk, and Compliance (GRC) professional passionate about the people, processes, and technology that enable eHealth to achieve its mission. Your expertise will help to drive improvements to eHealth’s Information Security, Governance, Compliance, and Risk Assessment processes to empower sound decisionmaking. Your interpersonal skills will help foster a risk-aware culture throughout the company. Compliance is a crucial pillar supporting eHealth’s overall Information Security Program. As an individual contributor on the GRC team, you will work with stakeholders across IT, Engineering, Legal, and HR along with other members of the GRC team. You will be responsible for assessing, evaluating, and making recommendations to leadership regarding the implementation of security controls aligned with SOC2 and eHealth's Risk Management program.
Requirements
- You have a Bachelor's degree in Information Security, Information Systems or related field. We will consider candidates with equivalent work experience in lieu of a Bachelor’s degree.
- You have 3+ years of experience working in an Information Security audit setting such as SOC2 and HITRUST, and knowledge of security controls including NIST, HIPAA, & Privacy
- You have the ability to foster a collaborative working relationship in a fast-paced, team-oriented environment
- You bring strong written and verbal communication skills with a proven ability to hold constructive discussions with the business to ensure information security risks are adequately addressed
- You have attention to detail and strong research skills
- You have the ability to analyze problems from different angles and foster multiple perspectives
- You have the ability to digest and translate technical language and relay to stakeholders outside of the Security field in understandable terms
- You have the ability to exercise judgement within defined procedures and determine appropriate action with autonomy and support as needed
Nice To Haves
- You have experience with risk management tool administration and configuration is a plus
Responsibilities
- Assisting with internal and external audit engagements (SOC2 Type II, HITRUST, PCIDSS, SOX, GuardianSphere etc.)
- Gather control evidence to ensure the information provided fulfills the requirements
- Organize audit evidence and manage the control and process libraries
- Assist the business to assess, document and remediate risks identified during the assessment
- Work with the business to implement sound security controls aligned with the security policies and standards and identify control gaps
- Develop metrics to report to management
- Assisting with Security awareness training and phishing campaign exercises
- Working with business partners to respond to carrier security questionnaires
- Evaluating new vendors for security concerns
- Assess the status of projects to identify and implement appropriate corrective measures to resolve security concerns as they arise
- Assists in the development and ongoing refinement of enterprise AI policies, standards, and guardrails, embedding responsible and compliant AI use into core governance processes, risk assessments, and control frameworks
Benefits
- Generous benefits include medical, dental and vision beginning on your first day of employment
- 401K with matching
- Tuition reimbursement
- Employee stock purchase program
- 12 company paid holidays and flexible time off (PTO for non-exempt)
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
