IT Security Compliance Analyst
Location: Columbus, OH
For more than 18 years, CareWorks Tech has been delivering technology solutions that drive results. As your advocate, the common thread across our associates is crafting the right tech-savvy solutions. Whether it’s IT Consulting, Infrastructure Services, Security, Enterprise Service Management or Interactive, we’re all about finding solutions that advance your career aspirations. Our ongoing client relationships speak to our long-term collaborative partnerships.
Position Description: The Security and Compliance Analyst reports directly to the Security Officer and will be responsible for day-to-day activities in implementing the corporate information security and compliance program. The individual will also assist in maintaining audit and compliance initiatives to ensure that corporate policies, standards, procedures, and audit activities are in alignment with business, IT, and regulatory requirements. Success in the role will be measured by the effectiveness of the implementation of information security and compliance directives. The overall purpose of this role is to drive both information security and compliance initiatives. The individual will perform internal and external security compliance monitoring activities, managing client audits, IT control audits, and security risk assessments. This role will assist in the management of key compliance requirements such as NIST, HIPAA, FedRAMP, PCI, ISO27001, HITRUST, and internal policies and standards.
Essential Duties and Responsibilities:
- Develop and maintain vendor and client relationships
- Oversee information security compliance standards, including daily, weekly, quarterly and/or annual security risk assessments
- Establish and maintain security & controls policies and procedures in accordance with federal regulations
- Assist in response to regulatory security assessments and questionnaires
- Assist with development and execution of a company-wide disaster recovery and business continuity plan
- Research new security compliance requirements and assist in the evaluation of compliance control requirements.
- Perform internal compliance assessments, monitoring activities, audits, and control testing
- Report security control related metrics and effectiveness
- Manage client audits and track corrective actions to completion.
- Perform both internal and service provider risk assessments.
- Evaluate, design, test, and recommend new or improved controls to keep FUSE current with industry standards and compliance requirements.
- Interact with leadership regarding information security risks, controls, and audit requirements.
- Manage corrective action logs and ensure issues are assigned priority and closed out in a timely manner
- Collaborate with organizational teams to design and deliver training initiatives that promote the development of staff as it relates to available technology
- Educate product owners and development teams on data security requirements
- Any other duties that may be required as assigned
- Experience participating in regulatory security audits; HIPAA or HITRUST preferred
- Experience conducting needs assessments and identifying/implementing appropriate solutions
- 3 years information security and compliance experience across a wide base of disciplines including:
  - Metric reporting
  - Project management
  - Customer support and account management
  - Audit management and internal audit standards
  - Process control design and testing methods
  - Risk assessment tools
  - Business Continuity and Disaster Recovery methodologies
  - Governance frameworks including NIST, ISO27000, FedRAMP, PCI, and HITRUST
- Strong personality, ability, and credibility to influence leadership, key decision-makers, and highly technical resources
- Strong subject matter credibility; must have the knowledge and ability to take a practical, business-relevant approach to security and compliance, resulting in a practical yet compliant security program
- Ability to make security and compliance real and practical within the business, including investment of necessary time and energy in training and policy/procedures
- Experience working in an Agile environment is preferred
- Ability to directly work with peer groups, customers and suppliers to understand needs and requirements
- Good verbal and written communications
- Team Player and Collaborative – Ability to work well with team members to achieve the desired results
- Driven and self-motivated to learn new technologies and achieve objectives
- Ability to work independently
- Ability to multi-task
- Good organization skills
- Excited, interested and engaged in the area of security and compliance and our business
- Demonstrate ability to take initiative and accountability for achieving results
- Strong oral and written communication skills
- Works effectively as part of a team
- Customer-driven to understand and appropriately respond to customers’ business needs
- Up to 25% travel
Education and Certifications
- BS in Computer Science or equivalent experience
- (ISC)² – CISSP, CSSLP, ISSAP, ISSEP, HCISPP
The CareWorks Family of Companies is committed to providing career opportunity and growth to all Associates without regard to race, color, religion, sex, national origin, age, marital or veteran status, medical condition or disability.
CareWorks Tech | Strategically-Led Technology Solutions
5555 Glendon, CT
Dublin, OH 43016
Thank you for considering CareWorks Tech for your next career opportunity. CareWorks Tech is not your typical technology company. We are part of the CareWorks family of companies, which is one of Ohio’s largest managed care organizations, serving over 115,000 employers and owned by York Risk Services Group. We have 4 guiding principles: (1) Customer Commitment (2) Attitude of Service (3) Respect for the Individual and Team and (4) Exceeding Expectations. We invest in your training, professional development, benefits (medical, 401k, paid holidays/vacation, etc.) and personally focus on your career success. We have operations in 85 locations worldwide and employ 5,000+ people.