Security and Compliance Lead

About BHI:

BHI is a data and analytics company and helping health plans, researchers, healthcare providers, employers, and government agencies use data to improve the health outcomes, promote value-based care, and address health equity and increase the value of care provided. We leverage the industry’s most comprehensive and highest quality commercial data assets combined with advanced analytics, AI/ML, and deep healthcare expertise to collaborate with our customers to produce measurable outcomes and value.

Based on our continuing growth, and the increasing value our team is producing in partnership with our customers, we are growing team and are looking for someone to lead this effort with us.

Position Summary

The Security Audit and Compliance Lead will be a proactive member of the Information Security and Compliance team with a strong background and track record of assessing and improving IT control environments. The individual will work with external auditors to execute SOC2 audits, assess internal compliance activities and identify and recommend process improvements. This individual will also conduct technical audits of security safeguards and risk assessments of third parties and is responsible for endpoint security monitoring and administration. From a prioritization perspective, this role is expected to dedicate 80% of its time on audit and compliance related responsibilities.

Job Responsibilities

Information Security

Liase with external vendors and internal resources to address security events and alerts.
Lead and manage threat and vulnerability management program.
Lead and manage endpoint protection program including anti-virus, detection and response capabilities.
Lead, plan, and manage implementations of security solutions tied to key security initiatives.
Assess and respond to information security alerts.
Identify, document and report on metrics and trends within assigned information security programs.
Monitor and respond to NG anti-virus controls and operating procedures.
Monitor and respond to EDR, identify control process and own solution internally interacting with DG MSSP (runbook)

Compliance

Lead and manage compliance audits.
Lead controls assurance and information security policy management.
Responsibility for execution of security awareness trainings.
Execute on BHI’s IT compliance plan to ensure an effective internal control environment for SOC2 and other regulatory requirements.
Review and assess IT application security controls.
Track remediation of IT controls to completion based on recommendations for improvement.
Lead and assist with initiatives to improve BHI’s Cybersecurity maturity.
Assist with monitoring and reviewing access management.
Assist with information gathering and follow up requests for 3rd party auditors.
Assist with Disaster Recovery and Business Continuity assessment and assurance.
Track and keep management up to date on progress of remediation tasks.
Assist with vendor risk management program.
Assist with Due Diligence Questionnaire request for all potential vendors.
Manage assigned projects to completion communicating status and adjustments to deadlines.
Reviews and understands the Employee Handbook, and internal policies that define individual security responsibilities, and maintains segregation of duties in accordance to their role requirements.

Job Requirements

7+ years of combined experience in the fields of Information Systems, Compliance and/or Security
Is familiar with SOC 2 compliance and its impact on company policies and processes.
Understands importance of adhering to SOC 2 requirements, and maintains an effort to do so
Knowledge of infrastructure, network communications, and protocols
Bachelor’s degree in information systems or related discipline
CISA certification or willingness to obtain preferred
Working knowledge of information security and computer network, server, database, and user access technologies.
Experience with third party risk management, IT Change Management, and Service Level Management preferred.
Knowledge of Policy Lifecycle Management preferred.
Knowledge of HIPAA regulations or willingness to learn.
Knowledge of Lean Six Sigma and the NIST CSF preferred.
Self-starter who demonstrates initiative and displays a high energy level.
Strong organizational, prioritization and process improvement skills.
Effective verbal and written communication skills including ability to develop presentations summarizing analysis and synthesis/recommendations, catering to the specific audience.
Ability to identify areas for improvement and present and implement viable solutions.
Strong problem-solving skills that model clear, analytical thinking and sound judgment.

Equal Employment Opportunity It is the policy of BHI to provide equal employment opportunity and advancement opportunities to all colleagues and qualified applicants for employment without regard to race, color, religion, national origin, sex, age, disability, sexual orientation, gender identity, or any other classification protected by the federal, state, or local laws.

Tags

Apply to job