GRC Security Analyst
Jacksonville, FL, United States
Back to Career Site
We are transforming healthcare to be value-driven, creating a seamless, consumer-centric care experience that maximizes value for all.
We believe that all health consumers are entitled to high quality, coordinated healthcare. We uniquely align the interests of health consumers, providers, and payors to make high-quality healthcare accessible and affordable to all populations across the ACA Marketplace, Medicare, and Medicaid.
Working as part of the Information Security team at NeueHealth, the GRC Security Analyst will report directly to the AVP, Technology Infrastructure and Security and will be responsible for leading day to day IT compliance, data governance, and assisting with audit activities (internal and external). The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
This is a work from home position. Preferred locations for candidates are MN, AZ, TX, FL.
YOUR RESPONSIBILITIES
Collaborate to define and support IT security standards and develop supporting organizational policies
Perform security and compliance assessments on new and existing systems, processes, and technology
Support vendor due-diligence process and help to lead and define overall third-party risk management efforts
Work with various business units to ensure controls are adequate, appropriate, and effective
Support internal and external audit process for relevant compliance concerns including SOC2, HITRUST, and HIPAA Security Rule requirements
Assist with maintenance and management of the GRC Risk Register
Perform periodic gap assessments to validate compliance on an ongoing basis with all areas of IT
Stay up to date and informed on developing regulatory concerns and changing IT and information security trends
Manage and lead efforts for the organizations SOC2 report and HITRUST certification
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
1+ years of relevant work experience preferred
Bachelor's degree in related field or equivalent work experience required
ISACA CISA or other industry certification related to GRC preferred
Experience in SOC2 and HITRUST preferred
Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies
Knowledge and experience in general electronic health information access, release of information, and release control technologies
Ability to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data; determine which provisions in HIPAA or security policy apply to the data, determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations
Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills
Ability to develop and/or modify policies and procedures within the confines of current law and management objectives
A reasonable estimate of the range is $61,000.00 - $91,000.00 annually. Actual compensation will vary based on the applicant's education, experience, skills, and abilities, as well as internal equity. Additionally, employees are eligible for health benefits; life and disability benefits, a 401(k) savings plan with match; Paid Time Off, and paid holidays.
As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of NeueHealth, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.