“Making Healthcare Right. Together.” is the cornerstone of all we do. Our vision is to deliver the best healthcare experience by putting brilliant minds, empathetic hearts and personalized technology to work to create meaningful relationships between our members and Care Partners. To successfully achieve our mission and vision as we operate in a dynamic health care environment, we expect Bright People to embody and uphold our core values in work and interactions, both internal and external: Be Purposeful, Be Authentic, Be Brave, Be Positive, Be Respectful, and Be Accountable.

SCOPE OF ROLE

Working as part of the Information Security team within the Technology office at Bright Health, the Information Security Analyst 3 will report directly to the Information Security GRC Manager and will be responsible for leading day to day IT compliance, data governance, and leading audit activities (internal and external). The role will include primary responsibility for identifying, analyzing and influencing the management of information risks across the organization in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.

ROLE RESPONSIBILITIES

The Information Security Analyst 3 job description is intended to point out major responsibilities within the role, but it is not limited to these items.

Responsibilities:

• Collaborate to define IT security standards and develop supporting organizational policies. 20
• Perform security and compliance assessments on new and existing systems, processes, and technology
• Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
• Work with various business units to identify and facilitate implementation of appropriate controls to effectively manage information risks.
• Lead internal and external audit process for relevant compliance concerns including SOC2,
• HIPAA requirements.
• Maintain IT/InfoSec risk register and communicate risk findings to risk owners and business leaders.
• Perform periodic gap assessments to validate compliance on an ongoing basis.
• Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
• Other duties and responsibilities as assigned.

EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE

• Seven (7) years’ of relevant work experience required.
• Bachelor’s degree in Information Security or related field; or equivalent work experience required.
• Experience with JIRA and/or Confluence
• GRC Tooling - Archer, KnowB4

PROFESSIONAL COMPETENCIES

• Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies.
• Knowledge and experience in general electronic health information access, release of information, and release control technologies.
• Ability to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data. Determine which provisions in HIPAA or security policy apply to the data, determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; Determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations.
• Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills.
• Ability to develop and/or modify policies and procedures within the confines of current law and management objectives

BEHAVIORAL AND LEADERSHIP NORMS

• Bright Values: Lives the Bright Values. Is focused on positivity and respect in all service interactions. Is focused on bravery needed to develop a variety skills. Not afraid to ask questions. Focus on the team’s successes, and how to support that effort.
• Collaboration: Is an effective collaborator that works well with the functional team and others in the organization to align on timelines and effective delivery of a project or task. Is solution oriented. Is able to work with different personality types and teammates to overcome differences in opinion and thought to achieve common company goals.
• Delivers Results: Is results oriented. Focuses on results and the best and most efficient avenue for achieving results. Helps to create process and follows process to achieve results. Ensures thorough documentation of work and process. Works with manager on goal setting to ensure timely and high quality work product. Is focused on managing against a predetermined set of objectives.
• Exhibits Curiosity: Focuses on learning about the business at large. Seeks to understand how they can contribute to driving the business forward and how the bigger picture works. Actively participates in his/her own career development.
• Multi-tasking: Balances multiple work projects and tasks at any given time. Alongside manager or appropriate Bright teammate, re-evaluates priorities based on changing company needs to understand what must be done today. Consistently meets deadlines.
• Service Mindset: Has an outlook that focuses on creating customer value, loyalty and trust. Responds promptly to customer and business needs. Goes above and beyond simply providing service, to build relationships with customers and anticipate needs.
• Upward Management: While balancing multiple work projects and tasks, successfully manages expectations with appropriate project owner about capacity, challenges and barriers to success. Is not afraid to ask for help, guidance or feedback.

LICENSURES AND CERTIFICATIONS

• ISACA, GIAC or (ISC)2 Certification preferred.

WORK ENVIRONMENT

The majority of work responsibilities are performed in an open office setting, carrying out detailed work sitting at a desk/table and working on the computer. Some travel may be required.

EEO/AFFIRMATIVE ACTION STATEMENT

As an Equal Opportunity/Affirmative Action Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

 We’re Making Healthcare Right. Together. 

We've won some fun awards like: Great Places to Work, Modern Healthcare, Forbes, etc. But more than anything, we're a group of people who are really dedicated to our mission in healthcare. Come join our growing team!

Check out this great video showcasing just some of the fantastic Technology Team broadcasting from our ATX office!

As an Equal Opportunity Employer, we welcome and employ a diverse employee group committed to meeting the needs of Bright Health, our consumers, and the communities we serve. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law.

BRIGHT ON!