Microsoft 365

Analyst, Healthcare Compliance

full-time

Location: United States, Tennessee

Job Level

Mid-Level / Senior

About the role

  • Maintain audit readiness for SOC 2 Type II, HIPAA, and NCQA by coordinating evidence collection, tracking controls, and preparing documentation.
  • Conduct and support internal audits, risk assessments, and remediation planning to close identified compliance gaps.
  • Draft, review, and update compliance policies and procedures; ensure alignment with HIPAA Privacy & Security Rules and SOC 2 control requirements.
  • Monitor compliance dashboards, audit logs, and control evidence to ensure timely execution of control activities.
  • Partner with external auditors, regulators, and accreditation bodies during reviews, providing required documentation and responses.
  • Support vendor due diligence and Business Associate Agreement (BAA) compliance reviews; maintain third-party risk documentation.
  • Collaborate with IT Security to ensure identity/access controls, endpoint protections, and data governance align with HIPAA and SOC 2.
  • Track regulatory changes (HIPAA, HITECH, NCQA, state/federal healthcare regulations) and assess organizational impact.
  • Deliver compliance training and awareness programs for employees, contractors, and vendors.
  • Support incident response activities, including investigation, documentation, and reporting of potential PHI breaches or compliance events.
  • Partner with stakeholders to gather requirements for compliance-driven initiatives (e.g., secure data integrations, PHI workflows, audit reporting).
  • Document processes, workflows, and use cases that demonstrate compliance alignment for IT and operational teams.
  • Translate compliance obligations into system requirements and specifications for IT/security implementation.
  • Participate in UAT (User Acceptance Testing) and system validation to ensure compliance-related requirements are met.
  • Develop compliance-related reporting dashboards (e.g., audit status, control evidence, incident tracking).
  • Maintain knowledge base documentation, SOPs, and internal IT training resources.
  • Participate in change management, incident response, and problem management processes in alignment with Compliance best practices.
  • Participate in, adhere to, and support compliance and diversity, equity, and inclusion program objectives.
  • Other duties as assigned.

Requirements

  • Bachelor’s degree in Healthcare Administration, Compliance, Business, Information Systems, or related field required.
  • Certified HIPAA Privacy or Security Professional (CHPC, CHC, or equivalent).
  • Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC).
  • NCQA compliance program training/certification (preferred).
  • ITIL Foundation, CompTIA Security+, or equivalent compliance/security certifications beneficial.
  • 3-5 years of compliance or audit experience in healthcare, PBM, pharmacy, or related regulated environment.
  • Strong knowledge of HIPAA Privacy & Security Rules, SOC 2 Trust Service Criteria, and NCQA accreditation standards.
  • Experience supporting internal and external compliance audits, risk assessments, and remediation efforts.
  • Familiarity with IT security principles, privacy frameworks, and vendor risk management.
  • Exposure to business analysis practices: requirements gathering, process documentation, and workflow mapping.
  • Working knowledge of IT security principles, compliance frameworks (SOC 2, HIPAA), and endpoint protection tools.
  • Experience with GRC platforms, compliance management systems, or audit tracking tools.
  • Experience with Jira, Confluence, Visio, Lucidchart, Power BI, and Excel.