ITSC Security Analyst

TLDR

Work collaboratively within the IT department to identify and manage security risks while ensuring compliance with SOC 2, HITRUST, and FedRAMP standards.

About Judi Health

Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans, including:

  • Capital Rx, a public benefit corporation delivering full-service pharmacy benefit management (PBM) solutions to self-insured employers,
  • Judi Health™, which offers full-service health benefit management solutions to employers, TPAs, and health plans, and
  • Judi®, the industry’s leading proprietary Enterprise Health Platform (EHP), which consolidates all claim administration-related workflows in one scalable, secure platform.

Together with our clients, we’re rebuilding trust in healthcare in the U.S. and deploying the infrastructure we need for the care we deserve. To learn more, visit www.judi.health.

Location: Remote 

Position Summary: 

The IT Security & Compliance Analyst works collaboratively within the IT department to identify, manage and communicate security risks, implement and monitor security compliance, and respond to audits effectively. 

Position Responsibilities: 

  • Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
  • Interface with internal partner teams to help drive best practices and compliance.
  • Evaluate and perform Risk Assessments of new software solutions with internal partners.
  • Drive deployment of new systems/solutions as needed.
  • Write procedure documentation for end users as needed to facilitate process improvement.
  • Help develop IT security training content and drive completion of required security training in collaboration with Human Resources.
  • Respond to complex security questionnaires, RFP/RFI requests, and client audits.
  • Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks.  
  • Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges.
  • Perform risk oversight tasks of vendor security compliance.
  • Help run internal, external, and vendor-related audits.
  • Conduct security analysis of deployed software.
  • Monitor for risks to the enterprise and to implemented controls.
  • Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks.
  • Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates.
  • Experience with incident management.
  • Drive use cases to enable threat detection and hunting based on threat intelligence frameworks.
  • Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement.
  • Perform Access Reviews. 

Required Qualifications: 

  • Experience related to duties and responsibilities.
  • Experience working in Governance, Risk, and Compliance.
  • A customer-oriented approach to problem resolution.
  • Experience with IT control auditing and compliance.
  • Working knowledge of Software Development Lifecycle concepts and processes.
  • Working knowledge of cloud providers with respect to IT Security & Compliance controls and practices.
  • General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001
  • General knowledge of HIPAA and the requirements to protect PHI.
  • Ability to communicate concepts in a concise form to management and cross-functional departments or teams verbally, in writing, and through pictures or diagrams when appropriate.
  • Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude.
  • Highly self-motivated with the ability to prioritize tasks and work independently.
  • Ability to work quickly and efficiently.  
  • Desire to work at a rapidly growing organization in healthcare.
  • Experience working with remote users in a distributed environment.
  • Experience with Office 365 suite, Atlassian suite, Vanta (or other GRC tools).
  • Experience with any major cloud platform (AWS, Google, Azure) is preferred. 

Preferred Certifications:

  • CCSK
  • CCAK
  • CISA
  • AWS Cloud Practitioner
  • SANS certificates 

This range represents the low and high end of the anticipated base salary range for the NY-based position. The actual base salary will depend on several factors, such as experience, knowledge, and skills, and whether the location of the job changes.

Salary Range
$125,000 - $140,000 USD

All employees are responsible for adherence to the Capital Rx Code of Conduct including the reporting of non-compliance. This position description is designed to be flexible, allowing management the opportunity to assign or reassign duties and responsibilities as needed to best meet organizational goals.

Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. 

By submitting an application, you agree to the retention of your personal data for consideration for a future position at Judi Health. More details about Judi Health's privacy practices can be found at https://www.judi.health/legal/privacy-policy.

Judi Health is an enterprise health technology company that offers a comprehensive suite of solutions for employers and health plans. With services like Capital Rx for pharmacy benefit management and Judi Health™ for health benefit management, we streamline healthcare services to better support millions of plan members.
