Today
Information Security Compliance Specialist (onsite) Project
$40,000 - $45,000 monthly

About the job
Details
Contract type: Temporary
Schedule: Full-time
Workplace: On-site
Benefits
- Grocery vouchers
- Savings fund
- Life insurance
Description
Responsibilities
· Support the development and execution of the information security compliance program across security, audit, and regulatory domains.
· Collaborate with Information Security, IT, and Compliance departments to respond to internal and external audits, including HITRUST assessments and PCI DSS.
· Perform control assessments, document compliance evidence, and track remediation activities across infrastructure and application security operations.
· Maintain and organize audit documentation, policies, procedures, and control evidence for recurring readiness reviews.
· Perform Third-Party Risk Management (TPRM) for new and existing vendors, focusing on regulatory requirements around PHI, ePHI, and patient data security. Responsibilities include: conducting risk assessments to identify vulnerabilities and threats; ensuring vendors meet regulatory requirements and industry standards through due diligence; monitoring vendor performance and compliance with security policies; and generating reports on vendor risk status and compliance for internal stakeholders and regulatory bodies.
Required Qualifications:
3+ years of experience in a Security Analyst, IT Compliance Analyst, or Internal Auditor role within an information security or compliance function.
Prior experience working in a healthcare environment, healthcare delivery organization, or third-party vendor supporting healthcare clients.
Understanding of HIPAA security/privacy rules, HITRUST CSF, and healthcare-specific regulatory requirements.
Hands-on experience supporting IT audits or compliance assessments (internal, customer, or third-party).
Working knowledge of security tools such as SIEM, endpoint protection, IAM, DLP, and cloud security platforms.
Familiarity with NIST 800-53, NIST CSF, SOC 2, and ISO 27001.
Excellent documentation, organizational, and stakeholder communication skills.
Educational requirements: Bachelor's degree in Cybersecurity, Information Systems, Health Information Management, or a related field.
Preferred Qualifications
· Industry certifications such as CISSP, CISA, HCISPP, or HITRUST CCSFP are a strong plus.
· Experience with healthcare regulations and standards.
· Knowledge of identity and access management, logging/monitoring, vulnerability management, and incident response processes.
· Experience conducting risk or compliance assessments in cloud-native environments (e.g., AWS, Azure, GCP). Working with GRC platforms (e.g., LogicGate, Auditboard, Drata
ID: 20535270