Senior Information Security Compliance Analyst

Surescripts serves the nation through simpler, trusted health intelligence sharing, in order to increase patient safety, lower costs and ensure quality care. We deliver insights at critical points of care for better decisions — from streamlining prior authorizations to delivering comprehensive medication histories to facilitating messages between providers.
 

Job Summary 

The Senior Information Security Compliance Analyst manages and leads the coordination of internal and external audit activities integral to audit success, including the collection of evidence artifacts. They will assist with maturing the enterprise risk program. The Senior Information Security Compliance Analyst has a thorough understanding of common security frameworks and practices. They will lead the update and maintenance of information security policies, standards, & procedure documents. The individual assists in the management of the Customer Security Response service by providing responses to customer requests on behalf of Surescripts security. The Senior Information Security Compliance Analyst assists with the management, execution, and development of information security awareness content to improve employee information security awareness and understanding of security policies to reduce company risk.  

 

Responsibilities 

• Lead the coordination of internal and external assessments & certification activities integral to audit success.  

• Participate in information security compliance assessments such as HIPAA & HITRUST. Catalog evidence in the GRC system for new requirements.  

• Manage and maintain the evidence locker in the GRC tool.  Ensure all artifacts are updated by evidence owners. 

• Track and ensure all compliance Gaps and Corrective Action Plan (CAPs) are addressed in a timely manner. 

• Review & update information security procedures, controls, and related evidence with stakeholders for completeness. 

• Assist with maturing the enterprise risk program across Surescripts. 

• Work with risk champions on developing and attaining POAMs.  

• Maintain enterprise risk reporting.  

• Provide enterprise risk training and guidance.  

• Utilize enterprise risk playbook & add to it as appropriate. 

• Independently manage customer requests for information on Surescripts Information Security. 

• Provide outstanding customer service to internal stakeholders by answering questionnaires submitted by customers within 7 business days. 

• Understand the complex set of Surescripts customer solutions and security controls to synthesize the knowledge into clear and simplified answers. 

• Analyze new requests and collaborate with internal teams to provide succinct answers. 

• Assist in the management and development of information security awareness materials and campaigns. 

• Present security awareness content that targets improving employee 

understanding of information security and their role to help keep       Surescripts secure. 

• Create monthly phishing awareness campaigns. 

• Create content and configure delivery for applicable Security Awareness training. 

• Create and execute annual Cyber Security Awareness Month campaigns. 

• Work collaboratively with the Surescripts Privacy Officer and Compliance team to deliver privacy content and assist with coordination of governance rollout. 

• Assisting with the administration of the Learning Management System, as required. 

• Ownership of work & collaboration. 

• Effectively manage competing priorities & communicate workload. 

• Work closely with project sponsor, cross-functional teams, & assigned project managers to plan scope, deliverables, required resources, work plan, budget, and timing for projects. 

• Identify key requirements needed from cross-functional teams and external vendors.  

• Manage the review, update and approval of all Security governance documents annually. 

 Qualifications 

Basic Requirements: 

• Bachelor’s Degree in a field related to Information Security, Computer Information Systems, or equivalent relevant experience. 

• 5+ years of experience in relevant, progressive information security compliance roles. 

• Must have experience coordinating external security assessments, in one or more of the following HIPAA, HITRUST, SOC-2, DirectTrust / EHNAC, etc. 

• Experience with GRC Platforms such as OneTrust. 

• Technical writing skills and proven ability to communicate to a broad audience of employees. 

• Strong Microsoft Outlook / Office skills (Word, Excel, PowerPoint). 

 

Preferred Qualifications: 

• Working knowledge of HIPAA and other healthcare related standards or regulations. 

• Experience with document management processes or systems. 

 

Keywords: external audit, external assessments, information security compliance, OneTrust, HITRUST, SOC-2, DirectTrust, information security risk 

#LI-REMOTE

Surescripts embraces flexibility through its Flexible Hybrid Work model for most positions. This model allows employees to work virtually while still utilizing our offices as collaboration centers. With alignment and agreement from your leadership, you can come and go from the office as needed.
 

What You’re Like 

You’re technical. Analytical. Imaginative. Maybe you’re building your own crypto-mining rig—or not. Either way, your mind works to anticipate vulnerabilities and protect the company and its information against those vulnerabilities. You do the right thing because it’s the right thing without seeking to point fingers or brag. And of course, you’re always willing to keep learning. 
 

What We’re Like

We’re a team of friendly folks who do serious work. Our best work is done by rising to the occasion under stress, but we keep each other cool under pressure. We’re a tight team but we also look for ways to partner across the business. Our style is casual and laid back, but we shoulder our responsibility to protect patient data from sophisticated adversaries, which sometimes means delivering a difficult truth.
 

What the Work is Like

Our challenge is to protect our customers’ data and our company. This requires anomaly analysis, risk reviews, pen testing of our controls, red-teaming and tabletops, policy and procedure work, documentation, and audits. We also engineer and maintain our security products and tools. It’s not always a typical 9-to-5 gig, of course, but then again, you work in information security, so you already know that.
 

Why Wait? Apply Now

We’re a midsize company. This means you’re not just another employee ID number. Here, you can build real relationships and feel supported by truly awesome people with diverse backgrounds and talents in an innovative and collaborative work culture. We strive to create an environment where you can be yourself, share your ideas and work your way. We offer opportunities for employee development, as well as competitive compensation packages and extensive benefits.
 

At Surescripts, base pay is one part of our Total Rewards Package (which may also include bonus, benefits etc.) and is determined within a range. The base pay range for this position is $100,700 - $123,100 per year. Your base pay may vary within or outside of this range depending on a number of factors, including (but not limited to) your qualifications, skills, experience, and location.

Benefits include, but are not limited to, comprehensive healthcare (including infertility coverage), generous paid time off including paid childbirth and parental leave and mental health days, pet insurance, and 401(k) with company match and immediate vesting. To learn more, review the Keep You and Yours Healthy, Balancing Work and Life, and Where Talent Takes Shape links under the Better Benefits. Better Work. Better Life section of our careers site.
 

Physical and Mental Requirements

While performing duties of this job, an employee may be required to perform any, or all of the following: attend meetings in and out of the office, travel, communicate effectively (both orally and in writing), and be able to effectively use computers and other electronic and standard office equipment with, or without, a reasonable accommodation. Additionally, this job requires certain mental demands, including the ability to use judgement, withstand moderate amounts of stress and maintain attention to detail with, or without, a reasonable accommodation.

Surescripts is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate on the basis of race, color, religion, age, national origin, ancestry, disability, medical condition, marital status, pregnancy, genetic information, gender, sexual orientation, parental status, gender identity, gender expression, veteran status, or any other status protected under federal, state, or local law.