The IT Compliance Analyst will operate at multiple levels within the organization, leading and participating in IT compliance projects, risk assessments, SOX and HIPAA compliance, incident response, and policy creation and maintenance. In addition, the Sr. IT Compliance Analyst will work with IT and business groups to identify and recommend solutions for IT Compliance related issues and provide expertise across a broad range of compliance duties. We operate in a highly regulated environment (SOX, HIPAA, SOC 2, GDPR, ISO, FDA, The Joint Commission) and the IT Compliance Analyst must have a working knowledge of these regulations.
Specific job responsibilities include:
- Actively identify and respond to IT compliance issues and incidents related to systems and workflow to ensure internal compliance controls are appropriate and operating as intended within the organization.
- Evangelize compliance initiatives and engage with operations and development teams to ensure adherence to policy guidelines and compliance standards.
- Assist in leading coordination and remediation efforts for compliance activities related to IT SOX compliance, annual SOC 2 and SOC 3, HIPAA, NIST, and other compliance assessments.
- Maintain IT policies and procedures and lead annual update efforts.
- Conduct Proof of Concepts for solutions and technologies required for IT Compliance.
- Collaborate with various teams for IT Compliance activities, as required.
- Play a key role in the development and ongoing delivery of IT compliance and HIPAA awareness training.
- Coordinate execution of annual incident response and disaster recovery table-top walkthroughs and update processes and associated documentation.
- The successful candidate will lead cross-organizationally through influence and help shape operating processes with value-add recommendations and regulatory guidance.
- At least 7 years of IT SOX and HIPAA experience, preferably in a healthcare related industry and public company environment; at least five (5) years of experience with security operations and risk assessment preferred.
- Experience performing regular User Access Reviews (UAR).
- Experience operating Identity Access Management (IAM) and Data Loss Prevention (DLP) solutions such as Okta, SailPoint, and FairWarning.
- Working knowledge of HIPAA/HITECH, GDPR, ISO, NIST CSF, SOX and other compliance regulations.
- Ability to think strategically about compliance risks and tie those to organizational priorities.
- Capable of building a network of relationships across organizational functions and to liaise with senior management.
- Excellent written and verbal communication skills; experience developing and delivering presentations and reports.
- Relevant professional certifications such as Certified Information Systems Auditor (CISA) or Certified Information Systems Security Professional (CISSP).
- Bachelor’s degree in Computer Science, Information Security, or a related field required.
What’s in it for you: