Security Compliance Analyst
Job Summary
The Security Compliance Analyst, reporting to the Manager of Risk Assessment, provides security and compliance assessment and consulting services for healthcare clients. The role demands a working understanding of information security frameworks, standards, laws, regulations, and protocols. Key responsibilities encompass project management, conducting information security assessments, and advising clients on all matters concerning patient health information protection and regulatory adherence.
About the Role
Reporting to the Manager of Risk Assessment, the Security Compliance Analyst supports the organization's commitment to maintaining secure and compliant healthcare environments. This role requires a strong foundation in information security principles and a deep understanding of relevant laws and regulations.
Responsibilities
Manage assigned client projects, ensuring clear communication, managed expectations, and timely deliverables.
Conduct on-site Information Security and Compliance assessments using Fortified Healthcare tools and methodology.
Assist in developing or providing guidance on Information Security and Compliance policies and processes.
Maintain current knowledge of healthcare security and compliance federal and state laws/regulations, and third-party standards, including HIPAA, HITECH, and HITRUST.
Ensure the organization's adherence to cybersecurity standards and practices, particularly the HIPAA Security Rule and NIST Cybersecurity Framework.
Deliver high-quality, professional client support in information security and compliance via conference calls, on-site meetings, and electronic communications.
Manage client expectations and facilitate engagement throughout the assessment process.
Contribute to enhancing current services or developing new client offerings with leadership input and guidance.
Develop Corrective Action Plans (Risk Management Plans) following Security Risk Assessments. As agreed upon, develop client-requested documentation such as Policies, Procedures, and similar materials.
Identify opportunities within client environments to reduce cybersecurity risks and communicate these internally when applicable.
Assist with client presentations for both technical and administrative audiences.
Possess foundational knowledge and understand output from security systems such as anti-malware, encryption, and vulnerability scans.
Demonstrate basic experience or understanding of report writing and delivery based on security assessment results.
Requirements
Bachelor's degree in Cybersecurity, Information Systems, or equivalent experience preferred.
Minimum of 3 years of experience in information security consulting, assessment, governance, risk, and compliance required.
Prior cybersecurity experience within the healthcare industry preferred.
Understanding of potential and emerging cybersecurity threats, vulnerabilities, and control techniques (technical, physical, and administrative).
Familiarity with security standards, architectures, frameworks, and best practices such as ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and PCI DSS.
Foundational understanding of international, federal, and state regulatory and compliance requirements, including HIPAA, SOX, and GDPR.
Skills
Strong written and verbal communication skills required.
Proven ability to multitask, prioritize, and manage time effectively in a remote setting.
Highly motivated self-starter with a drive to deliver excellence in all tasks.
Security certifications such as Security+, CC, HITRUST, HCISPP, CISSP, CISM, CISA, CEH, GIAC, CHP, and CHPS are preferred.