Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.
Interface with internal partner teams to help drive best practices and compliance.
Evaluate and perform Risk Assessments of new software solutions with internal partners.
Drive deployment of new systems/solutions as needed.
Write procedure documentation for end users as needed to facilitate process improvement.
Help develop IT security training content and drive completion of required security training in collaboration with Human Resources.
Respond to complex security questionnaires, RFP/RFI requests, and client audits.
Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks.
Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges.
Perform risk oversight tasks of vendor security compliance.
Help run internal, external and vendor related audits.
Conduct security analysis of deployed software.
Monitor for risks to the enterprise and to implemented controls.
Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks.
Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates.
Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks.
Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement.
Perform Access Reviews.

Requirements

Experience related to duties and responsibilities.
Experience working in Governance, Risk, and Compliance.
A customer-oriented approach to problem resolution.
Experience with IT control auditing and compliance.
Working knowledge of Software Development Lifecycle concepts and processes.
Working knowledge of cloud providers with respect to IT Security & Compliance controls and practices.
General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001.
General knowledge of HIPAA and the requirements to protect PHI.
Ability to communicate concepts in a concise form to management and cross-functional teams verbally, in writing, and through pictures or diagrams when appropriate.
Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude.
Highly self-motivated with the ability to prioritize tasks and work independently.
Ability to work quickly and efficiently.
Desire to work at a rapidly growing organization in healthcare.
Experience working with remote users in a distributed environment.
Experience with Office 365 suite, Atlassian suite, Vanta (or other GRC tools).
Experience with any major cloud platform (AWS, Google, Azure) is preferred.

Benefits

All employees are responsible for adherence to the Capital Rx Code of Conduct including the reporting of non-compliance.
This position description is designed to be flexible, allowing management the opportunity to assign or reassign duties and responsibilities as needed to best meet organizational goals.
Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table.
We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

Risk AssessmentsIT control auditingSecurity analysisIncident managementAccess ReviewsSoftware Development LifecycleThreat detectionCompliance controlsSecurity frameworksProcess improvement

Soft Skills

Customer-oriented problem resolutionCommunicationWritten skillsPresentation skillsInterpersonal skillsSelf-motivatedPrioritizationIndependenceEfficiencyMotivation

Certifications

SOC 2HITRUSTFedRAMPNIST 800-53PCIISO 27001HIPAA