Security Compliance Analyst || Fulltime Role || Columbia, Md (Hybrid)

Hi

This is regarding to a position of a Security Compliance Analyst

Title: Security Compliance Analyst

Location: Columbia, MD (Hybrid)

Duration/Type: Fulltime Permanent Role

• Manage the third party certifications/audits (HITRUST and SOC 2) from pre-planning through audits and remediation.
• Implement and maintain the HITRUST certification framework across the organization.
• Develop a compliance calendar for necessary updates, assessments, and recertifications.
• Work closely with various departments such as IT, HR, legal, and operations to ensure understanding and adherence to compliance requirements.
• Conduct periodic audits and reviews of internal processes to identify control weaknesses and recommend corrective actions.
• Develop a framework to streamline evidence collection and monitor compliance on an ongoing basis.
• Assist the Chief Information Security Officer (CISO) in developing and implementing an enterprise-wide governance, risk management, and compliance program.
• Act as the main point of contact with the third-party HITRUST/SOC 2 assessor, facilitating the assessment process, and addressing any identified gaps.
• Respond to Security and compliance-related queries in RFPs from prospect clients.
• Conduct regular risk assessments to identify potential vulnerabilities, assess the impact of risks, and develop mitigation strategies.
• Track and report on compliance metrics, issues, and trends to senior management and relevant stakeholders.

Required Skills & Experience

• A minimum of 5 years' experience in IT Security.
• Strong working knowledge of NIST 800-53, NIST 800-171, FedRAMP, GDPR, HIPAA or other compliance frameworks.
• Experience with third party audits (HITRUST, SOC 2, FedRamp, ISO 27001, etc,)
• Experience in general security practices and implementation of security controls
• Ability to implement information security requirements for IT systems through the Risk Management Framework (RMF)
• Experience with data analysis using tools like Sumologic, Splunk.
• Experience in cloud technologies such as Microsoft Azure or Amazon Web Services.
• Familiarity with security tools and technologies such as intrusion detection systems (IDS), firewall management, vulnerability assessment tools, etc.

Welldoc operates in ISO 13485 and MDSAP regulated and HITRUST and SOC 2 Type II compliant environments. Therefore, it is expected that all employees will have either, prior experience working in those environments or, will be trained to understand the requirements needed to work and support those requirements and culture as they relate to individual roles and responsibilities.

Required Education

• Bachelor’s degree in computer science, Information Technology, or a technology related field

The following are preferred certifications:

• Security +
• CISSP
• CCSP
• CISA
• CISM

Job Types: Part-time, Contract

Pay: $45.00 - $60.00 per hour

Schedule:

• 8 hour shift

Work Location: In person