Compliance Analyst II

Oklahoma City - 4345 N Lincoln Boulevard, United States

Oklahoma State Government


Job Posting Title

Compliance Analyst II

Agency

807 HEALTH CARE AUTHORITY

Supervisory Organization

Business Enterprises

Job Posting End Date (Continuous if Blank)

May 14, 2025

Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.

Estimated Appointment End Date (Continuous if Blank)

Full/Part-Time

Full time

Job Type

Regular

Compensation

$62,555 / annual

Job Description

Agency/Division Information

The Oklahoma Health Care Authority (OHCA) works to ensure Oklahomans have access to better health and better care. The agency’s core values include passion for purpose, trust and transparency, empowerment and accountability, best in class and outcome-driven, and servant leadership. As part of the interview process, candidates may be required to attend an in-person interview at our Oklahoma City office.

Position Purpose

The Compliance Analyst II at the Oklahoma Health Care Authority (OHCA) is responsible for ensuring compliance with state and federal regulations while supporting key security and risk management functions. This position provides technical expertise, manages vulnerability assessments, and leads incident response efforts. It plays a critical role in evaluating third-party security documentation, maintaining security policies, and ensuring the effectiveness of compliance programs. The Compliance Analyst II collaborates closely with stakeholders to mitigate risks, enhance security protocols, and maintain the integrity of organizational processes, aligning with OHCA's core values of accountability, transparency, and excellence.

Principal Activities May Include:

  • Vulnerability management and monitoring: This includes the use of Nessus for internal report generation and working with vendors to acquire any required metrics. This also includes activities for penetration testing coordination and phishing tests. Conduct meetings to address issues for reasonable resolution.

  • Provide technical expertise and analysis: Should balance the team with knowledge and understanding of more technical aspects of systems and security. Stay aware of current industry trends and news to be more proactive in efforts. Be able to handle and interpret more technical questions and writing tasks.

  • Security incident response: Able to balance tasks and shift focus to handle potentially high-priority issues. Must be able to quickly triage complex situations with limited knowledge and apply knowledge of risk and HIPAA breach rules to properly categorize for escalations. Must document, follow up, and coordinate with key stakeholders through resolution.

  • Third-party document reviews: Support Business Enterprise projects by providing expertise in reviewing security documentation, with comments and escalation of any issue identified as appropriate. May be required to attend project meetings to clarify comments and listen for other security concerns that may need coordination. Coordination with subject matter experts or stakeholders may be required for detailed issues and resolutions.

  • Coordinate closely with the Risk and Compliance Manager to provide support: Communicate and coordinate effectively with the team to identify support needs.

  • Draft and maintain security documentation: This includes, but is not limited to, Policy, Standards, Guidance, Incident Response Plan, and System Security Plan. Documents shall be reviewed annually or during significant changes for updates and maintenance. Technical concepts should be written at a level commensurate with the audience for the document.

  • Other duties as assigned.

Supervisory Responsibilities: This position does not supervise.

Qualifications: To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required.

Knowledge, Skills, Abilities and Competencies

This position requires in-depth knowledge of agency policies, state and federal regulations, and security frameworks such as vulnerability management and incident response protocols. Strong analytical and communication skills are essential for evaluating performance, drafting policies, and coordinating with internal teams and external stakeholders. The position also demands the ability to resolve complex issues while maintaining accountability and organizational alignment, making the Korn Ferry competencies of Ensures Accountability and Tech Savvy highly relevant for success in this role.

Education and/or Experience:
  • A bachelor's degree and 1 year of professional or technical administrative* experience in business or public administration

  • An equivalent combination of education and experience, substituting 1 year of qualifying experience for each year of the required education.

  • *Technical administrative experience would include highly complex clerical work gained under the direct supervision of a professional supervisor or manager.

Preference may be given to candidates with:
  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Health Care Compliance (CHC) Certification, Certified Information Systems Auditor (CISA), or HIPAA Certification

  • Advanced education in cybersecurity or IT compliance related field

  • Strong proficiency in analytical thinking, data analysis and related tools such as MS Excel to identify issues, trends, patterns and other techniques to achieve objectives.  This includes skilled use of formulas, pivot tables, and principles of good design. 

  • Strong attention to detail.

  • Understanding of NIST 800-53 control structures and related System Security Plans.

  • Experience in the Healthcare sector and/or HIPAA regulations.

  • Able to navigate complex and challenging situations that may have tight deadlines.

  • MS Office 365 (Word, Excel, PowerPoint, Access, Teams).

  • Able to work independently and with a good work ethic.

  • Learns and adapts quickly, seeking self-improvement where needed to achieve goals.

  • Good organization skills for tracking and prioritizing multiple tasks.

  • Understanding of Risk Management concepts and methodology.

  • Understanding of Business Continuity and Disaster Recovery Plans and processes.

Physical Demands:
  • Must be able to remain sitting for prolonged periods at a desk and working on a computer.
  • Must be able to move or lift up to 15 pounds at various times.

Work Environment

The office work environment includes regular exposure to general office equipment such as computer equipment, phones, and copy machines. 

Why You’ll Love Working Here

At the Oklahoma Health Care Authority (OHCA), we’re proud to create a workplace where employees thrive. Named a Top Workplace in Oklahoma for five consecutive years, this achievement reflects the dedication and collaborative spirit of our incredible team. Here's what we offer to support employees and their families:

  • Generous state-paid benefit allowance to offset insurance premiums.

  • A wide selection of top-tier health insurance plans.

  • Optional flexible spending accounts for health care or dependent care expenses.

  • Employee Assistance Program (EAP) offering confidential support.

  • Wellness benefits, including an on-site gym and fitness center discounts.

  • 11 paid holidays annually.

  • 15 vacation days and 15 sick days in your first year.

  • Retirement Savings Plan with substantial employer contributions.

  • Longevity Bonus to reward years of service.

  • Public Service Loan Forgiveness eligibility and reimbursement for educational expenses.

  • Professional development training opportunities, including CEU support.

Accommodation Statement:

The Oklahoma Health Care Authority complies with applicable State and Federal civil rights laws and does not discriminate.  All qualified applicants will receive consideration for employment without regard to race, color, sex, religion, disability, age, national origin, or genetic information. If a reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact the Civil Rights Coordinator at 405-522-7335. 

Notice to applicants: Please add OHCAHR@okhca.org to the address book or “safe-senders” list in your email. All correspondence will come from this address. Be sure to check your junk folder. If you have questions about the status of your application, you can contact the HR team at 405-522-7093.

Current State of Oklahoma employees must apply for open positions internally through Workday Jobs Hub

Equal Opportunity Employment

The State of Oklahoma is an equal opportunity employer and does not discriminate on the basis of genetic information, race, religion, color, sex, age, national origin, or disability.

Current active State of Oklahoma employees must apply for open positions internally through the Workday Jobs Hub.


Tags: CISA CISM CISSP Compliance CRISC HIPAA Incident response Monitoring Nessus NIST NIST 800-53 Pentesting Risk management System Security Plan Vulnerability management

Perks/benefits: Career development Fitness / gym Flex hours Flex vacation Health care Insurance Salary bonus Wellness

Region: North America
Country: United States
