This job is closed

Surescripts, posted 26 days ago
$100,700 - $123,100/Yr
Full-time • Mid Level
Arlington, VA

About the position

The Senior Information Security Compliance Analyst manages and leads the coordination of internal and external audit activities integral to audit success, including the collection of evidence artifacts. They will assist with maturing the enterprise risk program. The Senior Information Security Compliance Analyst has a thorough understanding of common security frameworks and practices. They will lead the update and maintenance of information security policies, standards, & procedure documents. The individual assists in the management of the Customer Security Response service by providing responses to customer requests on behalf of Surescripts security. The Senior Information Security Compliance Analyst assists with the management, execution, and development of information security awareness content to improve employee information security awareness and understanding of security policies to reduce company risk.

Responsibilities

  • Lead the coordination of internal and external assessments & certification activities integral to audit success.
  • Participate in information security compliance assessments such as HIPAA & HITRUST.
  • Catalog evidence in the GRC system for new requirements.
  • Manage and maintain the evidence locker in the GRC tool.
  • Ensure all artifacts are updated by evidence owners.
  • Track and ensure all compliance gaps and Corrective Action Plans (CAPs) are addressed in a timely manner.
  • Review & update information security procedures, controls, and related evidence with stakeholders for completeness.
  • Assist with maturing the enterprise risk program across Surescripts.
  • Work with risk champions on developing and attaining POAMs.
  • Maintain enterprise risk reporting.
  • Provide enterprise risk training and guidance.
  • Utilize enterprise risk playbook & add to it as appropriate.
  • Independently manage customer requests for information on Surescripts Information Security.
  • Provide outstanding customer service to internal stakeholders by answering questionnaires submitted by customers within 7 business days.
  • Understand the complex set of Surescripts customer solutions and security controls to synthesize the knowledge into clear and simplified answers.
  • Analyze new requests and collaborate with internal teams to provide succinct answers.
  • Assist in the management and development of information security awareness materials and campaigns.
  • Present security awareness content that targets improving employee understanding of information security and their role to help keep Surescripts secure.
  • Create monthly phishing awareness campaigns.
  • Create content and configure delivery for applicable Security Awareness training.
  • Create and execute annual Cyber Security Awareness Month campaigns.
  • Work collaboratively with the Surescripts Privacy Officer and Compliance team to deliver privacy content and assist with coordination of governance rollout.
  • Assist with the administration of the Learning Management System, as required.
  • Ownership of work & collaboration.
  • Effectively manage competing priorities & communicate workload.
  • Work closely with project sponsor, cross-functional teams, & assigned project managers to plan scope, deliverables, required resources, work plan, budget, and timing for projects.
  • Identify key requirements needed from cross-functional teams and external vendors.
  • Manage the review, update and approval of all Security governance documents annually.

Requirements

  • Bachelor’s Degree in a field related to Information Security, Computer Information Systems, or equivalent relevant experience.
  • 5+ years of experience in relevant, progressive information security compliance roles.
  • Must have experience coordinating external security assessments in one or more of the following: HIPAA, HITRUST, SOC-2, DirectTrust / EHNAC, etc.
  • Experience with GRC Platforms such as OneTrust.
  • Technical writing skills and proven ability to communicate to a broad audience of employees.
  • Strong Microsoft Outlook / Office skills (Word, Excel, PowerPoint).

Nice-to-haves

  • Working knowledge of HIPAA and other healthcare related standards or regulations.
  • Experience with document management processes or systems.

Benefits

  • Comprehensive healthcare (including infertility coverage)
  • Generous paid time off including paid childbirth and parental leave and mental health days
  • Pet insurance
  • 401(k) with company match and immediate vesting
© 2024 Teal Labs, Inc