Information Security Analyst

Overview

The Information Security Analyst will support the Sr. Manager of Security Audit in developing, implementing, and monitoring a comprehensive information security audit program. This program includes HITRUST, SOC 2, and other relevant security assessments. The ideal candidate will have 3-5 years of IT audit experience, with specific experience in HITRUST and SOC 2, preferably within the health industry.

Responsibilities

• Assist in leading security audit efforts across the enterprise to ensure the successful delivery of HITRUST certifications and the implementation of HITRUST and SOC 2 requirements across our platforms.
• Help formulate the tactical and strategic direction of the information security audit program, addressing emerging requirements, automation, gap remediation, and continuous monitoring.
• Contribute to the development of a continuous monitoring program that informs the success of future audits and identifies control gaps.
• Work under the guidance of leadership to mentor junior information security personnel and support their professional growth while maturing the information security audit program.
• Effectively communicate across all levels of the organization and produce deliverables for the Leadership Team.
• Promote and support cyber security as an enabler of core business processes, educating teams on security findings, vulnerabilities, remediation measures, and security programs.
• Prescribe security improvements to resolve or mitigate security findings or enhance the security posture to achieve compliance with all security initiatives.
• Lead innovation efforts to increase efficiencies and automate manual security audit processes.
• Build a network of positive relationships throughout the organization to leverage in accomplishing the broad requirements of this position.
• Provide HITRUST and SOC2 control advisory services on the company’s various projects.
• Offer strategic guidance and expertise on executing audits by applying knowledge of best practices to ensure proper strategic alignment.

Qualifications

• Bachelor’s degree in a technology discipline or equivalent professional experience required.
• 3-5 years of Information Security, IT Risk Management, IT Audit, or similar experience.
• Works independently and requires minimal supervision.
• Efficacious technical skills with hands-on experience in assessing technical security controls.
• Strong organizational skills and ability to communicate effectively with business stakeholders.
• Working knowledge of GRC tool such as Auditboard, RSA Archer, or similar preferred.
• HITRUST CCSFP, CISA, CISM or similar security certification preferred

Base compensation ranges from $80,000 to $112,000. Specific offers are determined by various factors, such as experience, education, skills, certifications, and other business …