HHAeXchange
Better Homecare, Better Health
Healthcare • Home Care • Software • Technology • Homecare software
501 - 1000
Senior Security Analyst
July 17
🏡 Remote – New York
HHAeXchange
Better Homecare, Better Health
Healthcare • Home Care • Software • Technology • Homecare software
501 - 1000
Description
• Manage the organization's Security risks, risk registers, and treatment plans. Coordinate with business stakeholders and lead point-in-time and annual security risk assessments on SaaS, IaaS, and PaaS products and solutions. • Lead a team of information security GRC professionals to streamline and accomplish security certifications and attestations covering HITRUST, HIPAA, SOC 1, SOC 2, and NIST 800:53 annually, demonstrating cybersecurity assurance internally and to customers. • Conduct company-wide security training and awareness programs to educate employees on security best practices and reduce the risk of security incidents. • Perform security vendor risk assessments to evaluate and manage third-party security risks, ensuring all vendors meet the company’s security standards. • Handle security inquiries from customers promptly and accurately, enhancing customer confidence in the company’s security posture. • Manage information security audits to assess and improve the company’s security posture and ensure continuous compliance with industry standards and frameworks. This includes user access reviews and other key security measures. • Assist in providing executive and board of directors reporting on the company's security status, initiatives, and risk management efforts to ensure informed decision-making at the highest levels. • Develop and enforce robust security policies and procedures that align with the organization's goals and objectives, ensuring comprehensive security coverage and compliance across all products.
Requirements
• 5-8 years of experience within Information Security/Governance • 3+ years of experience in effectively analyzing data and programs for security risk, compliance, and maturity. • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred. • A degree in Computer Science, IT, Systems Engineering or a related qualification, certification, or experience. • Expertise with at least one major cloud service provider, AWS preferred. • Strong knowledge on Security frameworks and technologies such as HITRUST, NIST 800:53, and SOC2 are required. • Strong knowledge of risk management principles and practices is required. • Technical writing experience is required. • Business Intelligence/Analytics (Tableau or PowerBI) is preferred. • Prior IT Security experience in the healthcare industry experience is preferred. • Ability to communicate an effective security awareness message throughout the organization. • Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents.
Benefits
• Travel up to 10%, including overnight travel
Apply Now
