The Security & Compliance Analyst will be responsible for Security Governance, Risk, and Compliance (GRC) within the organization. The role participates in annual audits and interacts with customers as needed, prioritizes and tracks security and compliance risk issues, guides internal and external stakeholders on mitigation, identifies risks that increase the probability of loss, and communicates the organization's security posture to leadership.
Requirements
- Support the development, update, revision, and/or implementation of security and compliance policies, procedures, practices, and metrics
- Manage and support audit engagements (e.g., HIPAA, SOC 2, HITRUST), own the audit request lists, and ensure requests are fulfilled by the responsible stakeholders
- Implement, monitor, and continuously improve the HIPAA Training & Security Awareness Program
- Conduct third-party risk assessments and vendor management to ensure all vendors are vetted and approved, onboarded according to defined policy/process, and subject to ongoing oversight that ensures security and regulatory compliance
- Ensure effective risk management controls across the entire infrastructure, including but not limited to endpoints, mobile devices, servers, and cloud services and tools
- Maintain a risk register
- Analyze and provide guidance for exception and non-standard software requests
- Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
- Investigate, document, and remediate security incidents, including but not limited to alerts from the SOC, MDR, and other security controls
- Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams
- Respond to customer security assessments and inquiries
- Ensure compliance with customer security requirements
- Perform other related duties as assigned
