Risk & Compliance Analyst at Bright Health

Austin
Sorry, this job was removed at 1:46 p.m. (CST) on Tuesday, January 21, 2020
Working as part of the information security team within the technology office at Bright Health, the Risk & Compliance Analyst will report directly to the Director of Information Security and will be responsible for leading the day-to-day IT compliance, data governance, and IT risk management functions. The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
Specifically, the GRC (Governance, Risk and Compliance) Analyst will maintain day-to-day workstreams for the Bright Health security program. This position will be responsible for conducting vendor security reviews in the procurement system, updating risk registers, and assisting with project management of audit requests across various business units. These workstreams will be executed under the systems that the Director of Information Security has architected and built. This position will also be responsible for assisting with annual risk assessments, business impact analysis, and overhauling changes within the governance program, where needed. This role will be well supported by Bright Health’s Director of Information Security and Senior Security Engineer.


  • Collaborate to define IT security standards and develop supporting organizational policies.
  • Perform security and compliance assessments on new and existing systems, processes, and technology.
  • Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
  • Work with various business units to ensure controls are adequate, appropriate, and effective.
  • Support internal and external audit processes for relevant compliance concerns, including SOC2 and HIPAA requirements.
  • Participate in disaster recovery and business continuity planning.
  • Perform business impact analysis and assist with development of IT/InfoSec risk register.
  • Perform periodic gap assessments to validate compliance on an ongoing basis.
  • Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
  • Other duties or responsibilities as assigned


  • High School Diploma or GED required; Bachelor’s degree in related field or equivalent work experience preferred.
  • Two (2) or more years of relevant information security experience required.
  • Experience in governance, risk management, and compliance within the cybersecurity realm including assisting with security and privacy audits, and managing risk management reports, highly preferred.
  • ISACA or (ISC)2 Certification is preferred.


  • Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies.
  • Knowledge and experience in general electronic health information access, release of information, and release control technologies.
  • Able to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data; determine which provisions in HIPAA or security policy apply to the data; determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations.
  • Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills.
  • Ability to develop and/or modify policies and procedures within the confines of current law and management objectives

At Bright Health, we brought together the brightest minds from the health care industry and consumer technology and together we created Bright Health: a new, brighter approach to healthcare, built for individuals. Our plans are easy to manage, personalized and more affordable, giving people the quality care they deserve. Through our exclusive care partnerships with leading health systems in local communities we are reshaping how people and physicians achieve better health together.
We’re Making Healthcare Right. Together. 
We've won some fun awards like: Great Places to Work, Modern Healthcare, Forbes, etc. But more than anything, we're a group of people who are really dedicated to our mission in healthcare. Come join our growing team!
As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.


Technology we use

  • Engineering
  • Product
    • .NET (Languages)
    • C# (Languages)
    • Javascript (Languages)
    • Python (Languages)
    • Sql (Languages)
    • PowerShell (Languages)
    • D3JS (Libraries)
    • React (Libraries)
    • Node.js (Frameworks)
    • MongoDB (Databases)
    • TSQL (Databases)
    • InVision (Design)
    • Sketch (Design)
    • Lucid Chart (Design)
    • JIRA (Management)
    • Microsoft Project (Management)


We are downtown at 515 Congress Avenue, right in the heart of downtown! Tons of restaurants and close to public transportation.

An Insider's view of Bright Health

What’s the vibe like in the office?

The office has a relaxed and laid back vibe but people are very serious about their work - perfect!


Data Engineer

What does your typical day look like?

Our team works within an Agile framework with 2 week sprints. Tasks in my sprint that I tackle daily range from ideation, research, designing wires and mocks in Sketch, UI kit updates, prepping for an engineering handoff, etc.


Digital Product Designer

What makes someone successful on your team?

A hard-working team player who thinks first and codes next is likely to learn a lot and quickly become a valuable member of the team. Lots of experience with some of our tooling is always nice, but if someone can't knowledge-share well or responds poorly to code reviews and other requests for collaboration, it'll be a tough fit.


Full Stack Software Engineer

How do you make yourself accessible to the rest of the team?

Modeling after my manager, I like to provide both regularly scheduled one-on-one meetings, where developers and engineers get to set the agenda. We can talk about career development, design and architecture ideas, industry trends, or traditional HR topics like goal setting. It’s up to them. I also have begun setting regular “office hours.”


VP & Data Platform Architect

How do your team's ideas influence the company's direction?

We hire smart individuals who thrive on accomplishment and purpose. Our teams are exposed to the bigger picture through constant communication and dialogues – that encourages them to come up with innovative solutions to problems. We've made significant adjustments on our direction in technology and process that were initiated by the team.


VP, Engineering

What are Bright Health Perks + Benefits

Bright Health Benefits Overview

We have 3 different health insurance plans, all through Cigna (HDP, Premium HDP and PPO). We cover the majority of the cost for the employee and some cost for family. We have two dental plans and a vision plan as well. We have an open PTO program. We put 3% of your total earnings into your 401K plan and you are immediately vested in that. We have all the latest technology (Mac or Surface laptops – your choice) to use including standing desks. Fully stocked fridge with snacks and drinks.

Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Team based strategic planning
Pair programming
Open office floor plan
Highly diverse management team
Mean gender pay gap below 10%
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Bright Health employees can contribute up to $3500 annually to their FSA.
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Retirement & Stock Options Benefits
We will put 3% of your total earnings into your 401K plan, even if you don't put anything in. It's a safe harbor contribution.
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Generous Parental Leave
We provide up to 6 weeks of parental leave for the primary caretaker. Acme Co. also provides 6 weeks of leave for the secondary caretaker.
Flexible Work Schedule
Acme Co. provides employees with a flexible work schedule that includes Core hours, Flexible start and end times.
Company sponsored family events
Acme Co. sponsors family-oriented events quarterly.
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Holidays
Perks & Discounts
Beer on Tap
Casual Dress
Commuter Benefits
Stocked Kitchen
Happy Hours
Happy hours are hosted on occasion.
We offer employees a parking subsidy.
Professional Development Benefits
Promote from within