Company: Ramnika Khurana

Address: Remote
Category: Finance & Accounting

Job description

Job Summary:

Security Compliance Analyst to assist in the service delivery of annual HIPAA and NIST Risk Assessments of healthcare providers and in the third-party risk assessments of a healthcare provider's business associates (also known as vendors or suppliers). This role requires a strong working knowledge of information security, cybersecurity frameworks, policies, standards, laws, regulations, and protocols. Responsibilities include information security assessments and third-party risk assessments related to current-state cybersecurity risk analysis, critical data protection, and regulatory compliance of patient health information.
Essential Job Functions:
- Assist with the delivery of security and compliance assessments utilizing Fortified Healthcare Solutions tools and methodology.
- Assistance with information security and compliance policy and process review, construction, and/or guidance.
- Maintaining a working knowledge of healthcare security and compliance requirements, federal and state laws, regulations, and third-party standards; including but not limited to NIST, 405(d), PCI-DSS, HIPAA Security & Privacy Rules, HITECH, and HITRUST.
- Providing high-quality security and compliance support via a Fortified technology-enabled platform, team meetings, web conference calls, and other electronic communication methods.
- Effective service delivery, management of expectations, and facilitating engagement throughout a given assessment.
- Contribute efforts to enhancing current service delivery capabilities with guidance and input from the engagement lead, engagement team, and management.
- With guidance, have working knowledge and capability to construct Corrective Action Plans (Risk Remediation or Risk Management Plans) as a follow-on component of a Security Risk Assessment.
- With guidance, have working knowledge and capability to review and provide control compliance feedback on provided client documentation such as Policies, Procedures, and similar documentation that the client may provide as evidence to a given security, privacy, or compliance-based control.
- Assist with the assembly of client presentations to technical, administrative, and executive audiences.
- Must have basic foundational knowledge and understanding of healthcare systems and technologies, such as Anti-malware, Encryption, Vulnerability Management, Networking, Authentication and Authorizations, Identity and Access Management, and basic knowledge of electronic health records management systems.
- Prior experience in control-based assessments, observations, and report writing associated with annual risk assessment and third-party risk assessment services.
Knowledge & Skills:
Education & Experience
- Computer Science Degree, Management Information Systems Degree or equivalent experience.
- At least 3 years, preferred 5 years, Information Security Consulting experience; focus in Healthcare preferred.
- Understanding of potential and emerging cybersecurity threats, vulnerabilities, and techniques used in governance, risk, and compliance, including technical, physical, and administrative controls.
- A foundational understanding of Security Standards, Architectures, Frameworks and Best Practices such as ISSA, ISO27001/27002, NIST Cybersecurity, COBIT, SABS, NIST, PCI DSS; preferred.
- A foundational understanding of International, Federal and State regulatory and compliance requirements such as HIPAA, SOX, GDPR, and PCI DSS.
Special Skills & Knowledge
- Strong written and oral communication in US English.
- Able to multi-task, prioritize, and manage time effectively.
- High-energy self-starter that seeks to deliver excellence, no matter how small the project.
- Licenses, Certifications, Accreditation, and Associations
Requirements:
- Supervisory Responsibility
- Security certifications such as HITRUST, CISSP, CISM, CISA, CEH, GIAC, CHP, and CHPS optional.

Refer code: 937452. Ramnika Khurana - The previous day - 2024-02-29 00:35
