Senior Information Security Analyst at Bright Health
- Collaborate to define IT security standards and develop supporting organizational policies.
- Perform security and compliance assessments on new and existing systems, processes, and technology
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Work with various business units to identify and facilitate implementation of appropriate controls to effectively manage information risks.
- Lead internal and external audit process for relevant compliance concerns including SOC2, HIPAA requirements.
- Maintain IT/InfoSec risk register and communicate risk findings to risk owners and business leaders.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Other duties and responsibilities as assigned.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- Seven (7) years of relevant work experience required.
- Bachelor’s degree in Information Security or related field; or equivalent work experience required.
- Experience with JIRA and/or Confluence
- GRC Tooling - Archer, KnowBe4
- Knowledge and experience in information security and privacy laws, access, release of information, and release control technologies.
- Knowledge and experience in general electronic health information access, release of information, and release control technologies.
- Ability to analyze the nature and classification of health data and the status of the person or entity requesting the electronic health data; determine which provisions in HIPAA or security policy apply to the data; determine if other state or federal laws, rules, or regulations are in conflict with the applicable provision of HIPAA or policy; determine if there are court decisions that address the issue; and recommend procedures or processes that reduce or eliminate the conflicts in law and assure compliance with applicable statutes and/or regulations.
- Demonstrated organizational, facilitation, presentation, and project management skills with excellent written and verbal communication skills.
- Ability to develop and/or modify policies and procedures within the confines of current law and management objectives
BEHAVIORAL AND LEADERSHIP NORMS
- Bright Values: Lives the Bright Values. Is focused on positivity and respect in all service interactions. Is focused on bravery needed to develop a variety of skills. Not afraid to ask questions. Focus on the team’s successes, and how to support that effort.
- Collaboration: Is an effective collaborator that works well with the functional team and others in the organization to align on timelines and effective delivery of a project or task. Is solution oriented. Is able to work with different personality types and teammates to overcome differences in opinion and thought to achieve common company goals.
- Delivers Results: Is results oriented. Focuses on results and the best and most efficient avenue for achieving results. Helps to create process and follows process to achieve results. Ensures thorough documentation of work and process. Works with manager on goal setting to ensure timely and high quality work product. Is focused on managing against a predetermined set of objectives.
- Exhibits Curiosity: Focuses on learning about the business at large. Seeks to understand how they can contribute to driving the business forward and how the bigger picture works. Actively participates in his/her own career development.
- Multi-tasking: Balances multiple work projects and tasks at any given time. Alongside manager or appropriate Bright teammate, re-evaluates priorities based on changing company needs to understand what must be done today. Consistently meets deadlines.
- Service Mindset: Has an outlook that focuses on creating customer value, loyalty and trust. Responds promptly to customer and business needs. Goes above and beyond simply providing service, to build relationships with customers and anticipate needs.
- Upward Management: While balancing multiple work projects and tasks, successfully manages expectations with appropriate project owner about capacity, challenges and barriers to success. Is not afraid to ask for help, guidance or feedback.
LICENSURES AND CERTIFICATIONS
- ISACA, GIAC or (ISC)2 Certification preferred.