
Website Signify Health
Description:
Job Title: Security Analyst II
How will this role have an impact?
The Governance, Risk & Compliance team is responsible for identifying and documenting Information Technology (IT) risks, analyzing vendor and supplier risk, sharing the Signify Health security-related activities with customers, and ensuring Signify Health’s continued compliance with relevant standards (HITRUST, SOC2, SOX etc.).
The Senior GRC Analyst will primarily support and lead the HITRUST and SOC 2 programs, as well as any additional compliance efforts that arise. The Senior GRC Analyst will work directly with external auditors and internal stakeholders in order to meet the various requirements of our compliance needs. The Senior GRC Analyst will report into the Information Security Manager. The team’s primary objective is to oversee and manage all Security Compliance and Certification efforts such as HITRUST, HIPAA, and SOC 2.
Diversity and Inclusion are core values at Signify Health, and fostering a workplace culture reflective of that is critical to our continued success as an organization.
What will you do?
● Support Internal Stakeholders in understanding and meeting compliance requirements
● Perform internal gap assessments to prepare for upcoming audits
● Work directly with external auditors to intake DRLs, and schedule interviews with SMEs
● Build and maintain relationships with various stakeholders in order to reduce audit fatigue of internal stakeholders
● Ensure all findings, CAPs, and exceptions are assigned out and their remediation efforts are transitioned into our Security Risk Management program
● Streamline and create audit efficiencies to manage HITRUST, HIPAA and SOC 2 audit activities.
● Support other Information Security activities, as assigned.
● Perform control mappings and evidence mappings to create efficiencies and maximize evidence reuse
● Provide support to other GRC programs, as needed.
We are looking for someone with:
● Strong knowledge of HITRUST, HIPAA and SOC 2 compliance requirements.
● A Bachelor’s degree in a related field.
● Understanding of risk assessment methodologies, frameworks and industry standards (e.g., ISO 27001, NIST).
● Proven ability to understand and interpret Legal, Regulatory and contractual compliance requirements.
● Attention to detail and the ability to guide stakeholders through requirements
● Strong project management, verbal and written communication skills, and excellent relationship building skills.
● 3+ years of experience in information security, risk management and compliance activities.
● Professional certifications (CISSP, CISA, CISM or CASP).
About Us:
Signify Health is helping build the healthcare system we all want to experience by transforming the home into the healthcare hub. We coordinate care holistically across individuals’ clinical, social, and behavioral needs so they can enjoy more healthy days at home. By building strong connections to primary care providers and community resources, we’re able to close critical care and social gaps, as well as manage risk for individuals who need help the most. This leads to better outcomes and a better experience for everyone involved.
Our high-performance networks are powered by more than 9,000 mobile doctors and nurses covering every county in the U.S., 3,500 healthcare providers and facilities in value-based arrangements, and hundreds of community-based organizations. Signify’s intelligent technology and decision-support services enable these resources to radically simplify care coordination for more than 1.5 million individuals each year while helping payers and providers more effectively implement value-based care programs.
We are committed to equal employment opportunities for employees and job applicants in compliance with applicable law and to an environment where employees are valued for their differences.
To learn more about how we’re driving outcomes and making healthcare work better, please visit us at www.signifyhealth.com.
To apply for this job please visit www.signifyhealth.com.