Security & Compliance Analyst

Med-Metrix

Any Location, NJ

Category Security

Remote

Job Description

The Security & Compliance Analyst will be responsible for Security Governance, Risk, and Compliance (GRC) within the organization, participating in annual audits and interacting with customers as needed, prioritizing and tracking security and compliance risk issues, guiding internal and external stakeholders on mitigation, identifying risks that increase loss probability and communicating the posture to leadership.

Requirements

Support the development, update, revision, and/or implementation of security and compliance policies, procedures, practices, and metrics
Manage and support audit engagements (e.g., HIPAA, SOC 2, HITRUST), the audit request lists and ensure requests are being fulfilled by stakeholder management
Implement, monitor, and continuously improve the HIPAA Training & Security Awareness Program
Conduct third party risk assessments and vendor management to ensure all vendors are vetted and approved, onboarded according to defined policy/process, and have proper ongoing oversight to ensure Security and Regulatory compliance
Ensure effective risk management controls for the entire infrastructure, including but not limited to endpoints, mobile devices, servers, cloud services and tools, etc.
Maintain a risk register
Analyze and provide guidance for exception and non-standard software requests
Coordinate Strategic Response Training and conduct Incident Response tabletop exercises
Investigate, document, and remediate Security Incidents, including but not limited to SOC, MDR and other security controls alerts
Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams
Respond to Customer Security Assessments and inquiries.
Ensure compliance with Customer Requirements
Perform other related duties as assigned

]]>