Risk & Compliance Analyst at Bright Health
- Collaborate to define IT security standards and develop supporting organizational policies.
- Perform security and compliance assessments on new and existing systems, processes, and technology.
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support internal and external audit process for relevant compliance concerns including SOC2, HIPAA requirements.
- Participate in disaster recovery and business continuity planning.
- Perform business impact analysis and assist with development of IT/InfoSec risk register.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Other duties or responsibilities as assigned.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- High School Diploma or GED required; Bachelor’s degree in related field or equivalent work experience preferred.
- Two (2) or more years of relevant information security experience required.
- Experience in governance, risk management, and compliance within the cybersecurity realm, including assisting with security and privacy audits and managing risk management reports, highly preferred.
- ISACA or (ISC)2 Certification is preferred.
- Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies.
- Knowledge and experience in general electronic health information access, release of information, and release control technologies.
- Able to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data: determine which provisions in HIPAA or security policy apply to the data; determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations.
- Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills.
- Ability to develop and/or modify policies and procedures within the confines of current law and management objectives.