Job Description:
We are looking to add an Information Security Compliance Analyst II to join our Information Security team in West Des Moines, Iowa.
Essential Responsibilities:
The purpose of this position is to support the information security program, including initiatives related to strategy, policies, standards, risk management, awareness, and training. This role will also support the enhancement of the Enterprise’s overall governance program.
Essential Responsibilities:
- Conduct comprehensive risk assessments and provide detailed reports on findings and required mitigations.
- Lead the development and maintenance of policies, ensuring they address regulatory requirements.
- Oversee implementation of risk mitigation controls, risk management, and conduct follow-up audits.
- Manage vendor risk assessments, working with third parties to address any gaps.
- Review contractual agreements against compliance standards and in alignment with HMA contractual requirements
Additional Responsibilities:
- Develop and present compliance metrics and reports to senior management and auditors.
- Mentor junior analysts and oversee documentation quality.
- Take the lead on special compliance projects, ensuring alignment with strategic goals.
- Assist with the annual SOC2 audit and other audits or assessments as appropriate.
Knowledge, Skills and Abilities:
- Strong understanding and application of privacy policies, compliance standards and regulations such as NIST, HIPAA, NYDFS or GLBA.
- Solid knowledge of GRC tools such as Apptega, Archer, etc.
- Broad technical knowledge of network, cloud, and application security.
- Ability to conduct internal and external risk assessments and identify various types of risks, such as operational, cybersecurity, regulatory, and reputational risks, and recognize the implications of these risks on the organization.
- Proficient with mapping and analyzing workflows to identify points of inefficiency, risk, or non-compliance.
- Strong understanding of SDLC and experience in compliance integration.
- Ability to analyze complex issues and implement effective solutions.
- Experience using automation tools within the work environment.
- Ability and willingness to consistently participate in internal and external educational opportunities to enhance knowledge of current insurance topics or relevant system improvements.
- Ability to be available for work on a daily basis and extended hours as necessary.
- Ability and willingness to consistently participate in internal and external educational opportunities to enhance knowledge of current insurance topics or relevant system improvements.
- Ability and willingness to pursue relevant designations and/or continuing education, as appropriate.
- Ability to apply common sense understanding to carry out instructions furnished in written, oral or diagram form. Ability to deal with problems involving several concrete variables in standardized situations.
- Ability to exert up to 10 pounds of force occasionally, and/or negligible amount of force frequently or constantly to lift, carry, push, or pull objects.
- Must be knowledgeable of and comply with HMA's Client Privacy Policy, HIPAA regulations and E&O procedures and policies.
Qualifications:
- Education: Associate’s or Bachelor’s degree in cybersecurity, technology, information systems, or related area or an equivalent combination of education, training, and experience.
- Experience: 3-5 years of relevant experience in Information Security, compliance, governance, or other security-related fields. Relevant certifications preferred.
- Ability and willingness to pursue relevant designations and/or continuing education, as appropriate.
Core Competencies
- Trust: Build trust through honest and caring actions and consistently do the right thing.
- Communication: Seek understanding to convey messages and information to others in a caring and constructive manner.
- Client Focus: Establish meaningful relationships with clients (internal and external) by supporting their unique potential and delivering an impactful experience.
- Teamwork: Contributes to the success of the organization by effectively influencing others and uplifting their experiences and unique strengths.
Technical Competencies
- Business & Technology Knowledge: Invests in the development of technical knowledge, understands business needs to make informed decisions and deliver technology solutions, including effective related processes and procedures.
- Problem Solving: Ability to efficiently identify problem(s), leverage resources to determine root cause(s) and propose and implement solutions or make improvements
Benefits: In addition to core benefits like health, dental and vision, also enjoy benefits such as:
- Paid Parental Leave and supportive New Parent Benefits — We know being a working parent is hard, and we want to support our employees in this journey!
- Company paid continuing Education & Tuition Reimbursement — We support those who want to develop and grow.
- 401k Profit Sharing — Each year, Holmes Murphy makes a lump sum contribution to every full-time employee’s 401k. This means, even if you’re not in a position to set money aside for the future at any point in time, Holmes Murphy will do it on your behalf! We are forward-thinking and want to be sure your future is cared for.
- Generous time off practices in addition to paid holidays — Yes, we actually encourage employees to use their time off, and they do. After all, you can’t be at your best for our clients if you’re not at your best for yourself first.
- Supportive of community efforts with paid Volunteer time off and employee matching gifts to charities that are important to you — Through our we offer several vehicles where you can make an impact and care for those around you.
- Inclusion & Belonging Programs — Holmes Murphy is committed to celebrating every employee’s unique potential. Through inclusion and belonging initiatives, titled Uniquely United, not only do we offer employees a paid Diversity Day time-off option, but we also have a Uniquely United Committee, Employee Resource Groups, and development programs to advance our culture of belonging. We encourage employees to engage in ways that are meaningful to them to enhance their overall experience!
- Consistent merit increase and promotion opportunities — Employees are reviewed annually for merit increases and promotion opportunities because we believe growth is important — not only with your financial wellbeing, but also your career wellbeing.
- Discretionary bonus opportunity — Yes, there is an annual opportunity to make more money. Who doesn’t love that?!