
Security Compliance Analyst


KPi-Tech Services Private Limited


Location

Work from home | India


Job description

Security Compliance Analyst

Job Summary:
Security Compliance Analyst to assist in the service delivery of annual HIPAA and NIST Risk Assessments of healthcare providers and to assist in the third-party risk assessments of a healthcare provider's business associates (a.k.a. vendors or suppliers). This role requires a strong working knowledge of information security, cybersecurity frameworks, policies, standards, laws, regulations, and protocols. Responsibilities include information security assessments and third-party risk assessments related to current-state cybersecurity risk analysis, critical data protection, and regulatory compliance of patient health information.

Essential Job Functions:

• Assist with the delivery of security and compliance assessments utilizing Fortified Healthcare Solutions tools and methodology.
• Assistance with information security and compliance policy and process review, construction and/or guidance.
• Maintaining working knowledge of healthcare security and compliance requirements, federal and state laws, regulations and third-party standards; including but not limited to NIST, 405(d), PCI-DSS, HIPAA Security & Privacy Rules, HITECH, and HITRUST.
• Providing high-quality security and compliance support via the Fortified technology-enabled platform, team meetings, web conference calls, and other electronic communication methods.
• Effective service delivery, management of expectations, and facilitation of engagement throughout the course of a given assessment.
• Contribute to enhancing current service delivery capabilities with guidance and input from the engagement lead, engagement team, and management.
• With guidance, have working knowledge and capability to construct Corrective Action Plans (Risk Remediation or Risk Management Plans) as a follow-on component of a Security Risk Assessment.
• With guidance, have working knowledge and capability to review and provide control compliance feedback on provided client documentation such as Policies, Procedures, and similar documentation that client may provide as evidence to a given security, privacy, or compliance-based control.
• Assist with the identification of opportunities within a client environment to reduce cybersecurity risks and mature a client's cybersecurity program.
• Assist with the assembly of client presentations to technical, administrative, and executive audiences.
• Must have basic foundational knowledge and understanding of healthcare systems and technologies, such as Anti-malware, Encryption, Vulnerability Management, Networking, Authentication and Authorization, Identity and Access Management, and basic knowledge of electronic health records management systems.
• Prior experience in control-based assessments, observations, and report writing associated with annual risk assessment and third-party risk assessment services.

Knowledge & Skills:

Education & Experience

• Computer Science Degree, Management Information Systems Degree or equivalent experience.
• At least 3 years, preferred 5 years, Information Security Consulting experience; focus in Healthcare preferred.
• Understanding of potential and emerging cybersecurity threats, vulnerabilities, and techniques used in governance risk and compliance to include technical, physical and administrative controls.
• Foundational understanding of Security Standards, Architectures, Frameworks and Best Practices such as ISSA, ISO27001/27002, NIST Cybersecurity, COBIT, SABS, NIST, PCI DSS; preferred.
• Foundational understanding of International, Federal and State regulatory and compliance requirements such as HIPAA, SOX, GDPR, and PCI DSS.

Special Skills & Knowledge

• Strong written and oral communication in US English.
• Able to multi-task, prioritize, and manage time effectively.
• High-energy self-starter that seeks to deliver excellence, no matter how small the project.

Licenses, Certifications, Accreditation, and Associations

Requirements:
Supervisory Responsibility

• Security certification such as HITRUST, CISSP, CISM, CISA, CEH, GIAC, CHP, CHPS optional.

Working Conditions & Travel Requirements

• Travel as needed.

Benefits:
• Health Insurance.
• Employee reward programs.
• Employee Skill development programs.

