This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

The IT Security & Compliance Analyst works collaboratively within the IT department to identify, manage and communicate security risks, implement and monitor security compliance, and respond to audits effectively.

• Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
• Interface with internal partner teams to help drive best practices and compliance.
• Evaluate and perform Risk Assessments of new software solutions with internal partners.
• Drive deployment of new systems/solutions as needed.
• Write procedure documentation for end users as needed to facilitate process improvement.
• Help develop IT security training content and drive completion of required security training in collaboration with Human Resources.
• Respond to complex security questionnaires, RFP/RFI requests, and client audits.
• Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks.
• Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges.
• Perform risk oversight tasks of vendor security compliance.
• Help run Internal, external and vendor related audits.
• Conduct security analysis of deployed software.
• Monitor for risks to the enterprise and to implemented controls.
• Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks.
• Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates.
• Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks.
• Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement.
• Perform Access Reviews.

Qualifications

• Experience related to duties and responsibilities.
• Experience working in Governance, Risk, and Compliance.
• A customer-oriented approach to problem resolution.
• Experience with IT control auditing and compliance.
• Working knowledge of Software Development Lifecycle concepts and processes.
• Working knowledge of cloud providers with respect to IT Security & Compliance controls and practices.
• General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001.
• General knowledge of HIPAA and the requirements to protect PHI.
• Ability to communicate concepts in a concise form to management and cross-functional teams verbally, in writing, and through pictures or diagrams when appropriate.
• Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude.
• Highly self-motivated with the ability to prioritize tasks and work independently.
• Ability to work quickly and efficiently.
• Desire to work at a rapidly growing organization in healthcare.
• Experience working with remote users in a distributed environment.
• Experience with Office 365 suite, Atlassian suite, Vanta (or other GRC tools).
• Experience with any major cloud platform (AWS, Google, Azure) is preferred.

Preferred Certifications

• CCSK
• CCAK
• CISA
• AWS Cloud Practitioner
• SANS certificates

Salary Range

$125,000 — $140,000 USD

Company Description

Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.