Security & Compliance Analyst

Med-Metrix, Parsippany-Troy Hills, NJ

About The Position

The Security & Compliance Analyst will be responsible for Security Governance, Risk, and Compliance (GRC) within the organization. The incumbent will participate in annual audits, interact with customers as needed, prioritize and track security and compliance risk issues, guide internal and external stakeholders on mitigation, identify risks that increase loss probability and communicate the posture to leadership.

Requirements

  • 3+ years of progressive experience in Risk Management, Audit, Compliance, and/or Security Operations roles
  • Industry certification CompTIA Security+ required
  • Solid understanding of relevant security and compliance certifications/frameworks, including HIPAA, NIST, ISO27001, SOC, PCI-DSS
  • Ability to "wear multiple hats" at once and/or pivot quickly based on business need
  • Ability to balance competing priorities based on risk and criticality and independently develop initiatives

Nice To Haves

  • Industry certification Certified Ethical Hacker (CEH) preferred
  • Industry certification such as CISSP, HCISPP, CISM, or CISA preferred but not required
  • Experience with HITRUST preferred but not required

Responsibilities

  • Support the development, update, revision, and/or implementation of security and compliance policies, procedures, practices, and metrics
  • Manage and support audit engagements (e.g., HIPAA, SOC 2, HITRUST) and the audit request lists, and ensure requests are being fulfilled by stakeholder management; participate in internal/external audits as they relate to evidencing control management practices; assist the business to document, assess, and remediate any issues and risks raised during audit examinations and risk assessments
  • Implement, monitor, and continuously improve the HIPAA Training & Security Awareness Program
  • Conduct third party risk assessments and vendor management to ensure all vendors are vetted and approved, onboarded according to defined policy/process, and have proper ongoing oversight to ensure Security and Regulatory compliance
  • Coordinate and manage efforts to mitigate risks and remediation plans to completion
  • Ensure effective risk management controls for the entire infrastructure, including but not limited to endpoints, mobile devices, servers, cloud services and tools, etc.
  • Maintain a risk register
  • Analyze and provide guidance for exception and non-standard software requests
  • Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
  • Investigate, document, and remediate Security Incidents, including but not limited to SOC, MDR and other security controls alerts
  • Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams
  • Respond to Customer Security Assessments and inquiries
  • Ensure compliance with Customer Requirements
  • Perform other related duties as assigned
  • Use, protect and disclose patients’ protected health information (PHI) only in accordance with Health Insurance Portability and Accountability Act (HIPAA) standards