Security & Compliance Analyst

Med-Metrix

Parsippany-Troy Hills, NJ

JOB DETAILS
JOB TYPE
Full-time
SKILLS
Auditing, CEH - Certified Ethical Hacker, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Cloud Computing, CompTIA - Computing Technology Industry Association, CompTIA Security+, Computer Security, Continuous Improvement, Cross-Functional, Customer Relations, Establish Priorities, External Audit, Genetics, HIPAA (Health Insurance Portability and Accountability Act), ISO (International Organization for Standardization), Incident Response, Information/Data Security (InfoSec), Internal Audit, Leadership, Maintain Compliance, Military, Mobile Devices, Office Equipment, PCI, People Management, Peripheral Hardware, Policy Development, Regulations, Risk, Risk Analysis, Risk Management, Sales, Security Analysis, Security Monitoring, Standards Strategy, State Laws and Regulations, U.S. National Institute of Standards and Technology (NIST), Vendor/Supplier Evaluation, Vendor/Supplier Management
LOCATION
Parsippany-Troy Hills, NJ
POSTED
11 days ago
Job Purpose

The Security & Compliance Analyst will be responsible for Security Governance, Risk, and Compliance (GRC) within the organization. The incumbent will participate in annual audits, interact with customers as needed, prioritize and track security and compliance risk issues, guide internal and external stakeholders on mitigation, identify risks that increase loss probability and communicate the posture to leadership.

Duties and Responsibilities

- Support the development, update, revision, and/or implementation of security and compliance policies, procedures, practices, and metrics
- Manage and support audit engagements (e.g., HIPAA, SOC 2, HITRUST), the audit request lists and ensure requests are being fulfilled by stakeholder management; participate in internal/external audits as it relates to evidencing control management practices; assist the business to document, assess, remediate any issues and risks raised during audit examinations and risk assessments
- Implement, monitor, and continuously improve the HIPAA Training & Security Awareness Program
- Conduct third party risk assessments and vendor management to ensure all vendors are vetted and approved, onboarded according to defined policy/process, and have proper ongoing oversight to ensure Security and Regulatory compliance
- Coordinate and manage efforts to mitigate risks and remediation plans to completion
- Ensure effective risk management controls for the entire infrastructure, including but not limited to endpoints, mobile devices, servers, cloud services and tools, etc.
- Maintain a risk register
- Analyze and provide guidance for exception and non-standard software requests
- Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
- Investigate, document, and remediate Security Incidents, including but not limited to SOC, MDR and other security controls alerts
- Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams
- Respond to Customer Security Assessments and inquiries
- Ensure compliance with Customer Requirements
- Perform other related duties as assigned
- Use, protect and disclose patients' protected health information (PHI) only in accordance with Health Insurance Portability and Accountability Act (HIPAA) standards

Qualifications

- 3+ years of progressive experience in Risk Management, Audit, Compliance, and/or Security Operations roles
- Industry certification CompTIA Security+ required
- Industry certification Certified Ethical Hacker (CEH) preferred
- Industry certification such as CISSP, HCISPP, CISM, or CISA preferred but not required
- Solid understanding of relevant security and compliance certifications/frameworks, including HIPAA, NIST, ISO27001, SOC, PCI-DSS
- Experience with HITRUST preferred but not required
- Ability to 'wear multiple hats' at once and/or pivot quickly based on business need
- Ability to balance competing priorities based on risk and criticality and independently develop initiatives

Working Conditions

- Physical Demands: While performing the duties of this job, the employee is occasionally required to move around the work area; sit; perform manual tasks; operate tools and other office equipment such as computer, computer peripherals and telephones; extend arms; kneel; talk and hear.
- Mental Demands: The employee must be able to follow directions, collaborate with others, and handle stress.
- Work Environment: The noise level in the work environment is usually minimal.

Med-Metrix will not discriminate against any employee or applicant for employment because of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, veteran status, other non-merit based factors, or any other characteristic protected by federal, state or local law.
