Compliance Program Analyst

At MCG, we lead the healthcare community to deliver patient-focused care. We have a mission-driven team of talented physicians and technical experts developing our evidence-based content and innovating our products to accelerate improvements in healthcare. If you are driven to enhance the US healthcare system, MCG is eager to have you join our team. We cultivate a work environment that nurtures personal and professional growth, and this is a thrilling time to become a part of our organization. With dynamic roles that offer meaningful impact, you'll be able to fully realize your potential. Plus, you'll enjoy world-class benefits and the security, stability, and resources of our parent company, Hearst, with over 100 years of experience.

As a Compliance Program Analyst, you will work on the Governance, Risk Management and Compliance (GRC) team. The GRC team is part of the MCG’s Security Operations team. This is a crucial role for helping maintain and enhance the company’s security and compliance posture. Success in this position will depend upon effective working relationships with many teams and people, which may include MCG staff, corporate office, clients, and vendors.  

 

You will: 

• Work with stakeholders to create, review and enhance a process to periodically update policies and procedures to ensure they accurately reflect compliance controls/requirements and align to industry leading security practice. 

• Collaborate with internal and external teams to ensure the integrity, effectiveness and efficiency of the compliance program. You will help raise awareness to the Business and IT stakeholders of compliance requirements, regulations and controls. 

• Document, track and report security management and compliance activities and results. 

• Review and complete security and compliance questionnaires from clients and may be required to attend client meetings to address their follow-up requests and questions. 

• Lead company-wide training effort to meet training requirements for security and compliance. 

• Coordinate and conduct internal audits to ensure adequate security requirements are incorporated and policies are followed. 

• Define and identify compliance gaps and provide recommendations (remediation/mitigation) for control process improvements. 

• Manage account and access reviews on a regular basis to ensure compliance. 

• Proactively monitor changes in business processes and provide guidance and support to internal stakeholders. 

• Coordinate and participate in validation and assessment including but not limited to HIPAA, HITRUST and FedRAMP. This entails activities around scope, processes, assessments, documentation, reporting and remediation. 

• Make recommendations on process implementation and changes for improving company’s security and compliance posture. 

• Some domestic travel for meetings and events is required. 

 

What We’re Looking For: 

• 1 to 3 years of information security/compliance working experience. 

• Experience with various security frameworks such as ISO, HIPAA, NIST, etc. 

• Experience with assessments such as HIPAA, HITRUST, FedRAMP, etc. 

• Knowledge of information technologies components such as cloud computing, networking, security, operating system, and database. 

• High proficiency in effective written and verbal communication. 

• Must be quality and results driven, detail and customer service oriented, self-motivated with the ability to work independently and remotely. 

• Able to think strategically and work with people at all levels. 

• Strong research and investigation skills. 

• An ideal team player. 

• Health IT experience is a plus. 

• Security certification such as CISA or CISSP is a plus. 

• Project management experience is a plus. 

 

The above is intended to describe the general content of, and requirements for, the performance of this job.  It is not to be construed as an exhaustive statement of duties, responsibilities, or requirements. 

 

 

Pay Range: $89,600– $125,500 

 

Other compensation: Bonus Eligible 

 

Perks & Benefits:  

💻 Remote work / Hybrid work  

🩺 Medical, dental, vision, life, and disability insurance 

📈 401K retirement plan; flexible spending and health savings account 

🏝️ 15 days of paid time off + additional front-loaded personal days 

🏖️ 14 company-recognized holidays + paid volunteer days  

👶 8 weeks of paid parental leave + 10 weeks of paid bonding leave  

🌈 LGBTQ+ Health Services 

🐶 Pet insurance  

📣 Check out more of our benefits here: https://www.mcg.com/about/careers/benefits/  

 

We embrace diversity and equal opportunity and are committed to building a team that represents a variety of backgrounds, perspectives, and skills. Only with diverse thoughts and ideas will we be able to create the change we want in healthcare. The more inclusive we are, the better our work will be for it. 

MCG Health is a Seattle, Washington-based company and is considering remote candidates with a preference for those located in Seattle.  

 

#LI-Remote 

All roles at MCG are expected to engage in occasional travel to participate in team or company-sponsored events for the purposes of connection and collaboration. 

MCG is a leading healthcare organization dedicated to patient-focused care. We value our employees' unique differences and are an Equal Employment Opportunity (EEO) employer. Our diverse workforce helps us achieve our goal of providing the right care to everyone. We welcome all qualified applicants without regard to race, religion, nationality, gender, sexual orientation, gender identity, age, marital status, veteran status, disability, pregnancy, parental status, genetic information, or political affiliation. We are committed to improving equity in healthcare and believe that a diverse workplace fosters curiosity, innovation, and business success. We are happy to provide accommodations for individuals. Please let us know if you require any support.