Sr. Analyst I, Governance, Risk & Compliance

Remote GA, United States

NextGen Healthcare

Transform your ambulatory care practice with a powerful healthcare IT platform and state-of-the-art EHR and Practice Management tools. Discover how today!


Job Description:

The Sr. Analyst I, Governance, Risk & Compliance is responsible for protecting sensitive information by performing risk assessments, developing security controls, and conducting employee data security training. This role will also ensure all security systems are current with any software or hardware changes.

  • Perform internal audit of controls, risk assessments, incident response investigations, and data security reviews.
  • Develop procedures, tasks, controls, and internal audit testing for requirements.
  • Assess risk through system security plans, third-party assurance initiatives, and security risk assessments.
  • Review and assess programs within ISMP such as Training & Awareness, Third-Party Assurance, Customer Engagements, Policies & Procedures, Compliance and Risk Management.
  • Responsible for interfacing with third-party auditors for certification and audit requirements.
  • Ensure regulatory and framework requirements are appropriately reviewed and adopted to provide assurances to the Information Security Management Program.
  • Participate in data collection, analysis and management for client assessments and client requests.
  • Develop report data into presentations to share with administrators on the efficiency of security policies, and recommend any changes.

Education Required:

  • Bachelor’s degree in Computer Science, Programming, Engineering, or similar field.   
  • Or, any combination of education and experience which would provide the required qualifications for the position.

Experience Required:

  • 3+ years’ experience in IT, audit, or compliance, or an education program that covers audit, compliance, cybersecurity, or healthcare.
  • Experience with one or more of the following frameworks: COSO, NIST Cybersecurity Framework, RMF, ISO, COBIT.
  • Experience working in an environment with one or more of the following: Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley Act (SOX), Security Operation Center (SOC), Payment Card Industry (PCI), GRC, Health.

License/Certification Required:

  • AWS Security Certification, CISA Certification, Security, CISSP, CEH, GIAC (GCFA), HITRUST Framework and CSF certification knowledge. Governance, Risk and Compliance tools.

Knowledge, Skills & Abilities:

  • Knowledge of: Security frameworks such as COSO, NIST Cybersecurity Framework, RMF, ISO, COBIT; HIPAA regulations and best practices; third-party auditors; Microsoft Office Suite.
  • Skill in: Working as a member of a team; communicating effectively; establishing and maintaining effective working relationships.
  • Ability to: Work in a fast-paced environment; stay organized, prioritize workload, multi-task, and meet deadlines; liaise with customers as a trusted advisor for security operations and security programs.

The company has reviewed this job description to ensure that essential functions and basic duties have been included. It is intended to provide guidelines for job expectations and the employee's ability to perform the position described. It is not intended to be construed as an exhaustive list of all functions, responsibilities, skills and abilities. Additional functions and requirements may be assigned by supervisors as deemed appropriate. This document does not represent a contract of employment, and the company reserves the right to change this job description and/or assign tasks for the employee to perform, as the company may deem appropriate.

NextGen Healthcare is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.


Tags: AWS CEH CISA CISSP COBIT Compliance Computer Science GCFA GIAC Governance HIPAA HITRUST Incident response NIST Risk assessment Risk management RMF SOC SOX System Security Plan

Regions: Remote/Anywhere North America
Country: United States
