Sr. Compliance Analyst (remote)

About The Position

Requirements

• 5-8+ years of experience in Information Security Compliance, IT Compliance, Healthcare Compliance, Governance, or audit-related roles
• Experience supporting HITRUST, SOC 2, HIPAA, FedRAMP, and related audit or compliance activities.
• Understanding of IT technical controls and the ability to translate regulatory audit, and contractual requirements into documentation, evidence, and control expectations.
• Strong understanding of governance processes, compliance operations, and audit readiness practices.
• Excellent communication skills (written, verbal and listening); able to clearly communicate complex information in an easy to understand manner; able to deliver message effectively verbally and in writing.
• Ability to present to small and midsize audiences.
• Ability and willingness to learn and maximize the use of technology relevant to job responsibilities.
• Ability to maintain confidentiality of sensitive information.
• Ability to work independently as well within a team.
• Ability to organize, prioritize, and coordinate multiple work activities and meet target deadlines.
• Ability to be flexible when there are schedule or priority changes and last-minute requests.
• Ability to travel as needed to Company locations and third-party locations within the US.
• Required licensures, professional certifications, and/or Board certifications as applicable.
• Individual in this position must be able to work in a standard office environment which requires sitting and viewing monitor(s) for extended periods of time, operating standard office equipment such as, but not limited to, a keyboard, copier and telephone

Nice To Haves

• Experience in the healthcare industry is preferred.
• Experience working with governance/compliance or GRC tools preferred.
• Knowledge of security and compliance frameworks such as HITRUST, HIPAA, SOC 2, NIST, or ISO 27001.
• Certifications such as CISA, CISM, CISSP, or HITRUST-related credentials are preferred.

Responsibilities

• Maintain compliance documentation, control inventories, evidence repositories, and regulatory/control mappings to effectively demonstrate adherence to healthcare, information security, and contractual requirements.
• Support compliance assessments, readiness reviews, and control validation activities to confirm alignment with regulatory, audit, and contractual requirements.
• Provide guidance to control owners regarding compliance obligations, documentation expectations, evidence collection, remediation activities, and audit readiness.
• Develop and maintain compliance metrics, dashboards, and reporting to support visibility into governance and compliance activities.
• Support the development, documentation, and improvement of governance and compliance processes to enhance consistency, audit readiness, regulatory alignment, and operational efficiency.
• Provide input into ongoing maturation of governance and compliance processes and help execute approved improvement initiatives.
• Support administration, reporting, workflow updates, and ongoing enhancement governance and compliance tooling used to manage requirements, evidence, and related activities.
• Assist with requirements gathering, testing, reporting improvements, and workflow updates governance and compliance tooling, as needed.
• Stay current on relevant regulatory requirements, audit expectations, and information security compliance and assurance practices; recommend updates to documentation, controls, policies, standards, and procedures as needed.
• Support audit and assurance activities related to HIPAA, HITRUST, SOC2, client requirements, security questionnaires, and other applicable reviews or certifications by coordinating evidence collection, reviewing documentation, validating control statements, supporting control owners, and tracking remediation activities.
• Assist with responses to client security questionnaires, due diligence requests, and customer audit inquiries in partnership with stakeholders across Security, Technology, Legal, and other teams.
• Lead and support the development, review, maintenance, and updating of information security policies, procedures, standards, and related documentation to align with regulatory requirements, audit expectations, healthcare industry standards, and contractual obligations.
• Assist with the development and implementation of the organization’s security awareness training to ensure alignment with compliance requirements.
• Identify opportunities to improve governance, compliance, audit readiness, and related documentation/process effectiveness across the organization.
• Support other governance, compliance, and related assurance activities as assigned.
• Collaborate, coordinate, and communicate across disciplines and departments with colleagues in Information Security, Technology, Legal, Internal Audit, and others.
• Demonstrate Company’s Core Competencies and values held within.
• The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

Benefits

• Medical, dental and vision coverage with low deductible & copay
• Life insurance
• Short and long-term disability
• Paid Parental Leave
• 401(k) + match
• Employee Stock Purchase Plan
• Generous Paid Time Off – accrued based on years of service
• 10 paid company holidays
• Tuition reimbursement
• Flexible Spending Account
• Employee Assistance Program
• Sick time benefits – for eligible employees, one hour of sick time for every 30 hours worked, up to a maximum accrual of 40 hours per calendar year, unless the laws of the state in which the employee is located provide for more generous sick time benefits