Description
At NRC Health, we promise to help our customers bring Human Understanding to healthcare for their patients and communities. Our associates are at the heart of delivering that promise, so we promise that same Human Understanding to each other. Come where culture is everything.
Our associates...
Have Purpose – we do work that matters for our partners, the community, and the healthcare industry.
Innovate with us to move healthcare forward.
Give back to the community with paid volunteer time off.
Think Boldly – we have big ideas and are empowered to “think like an owner.”
Fit your role and do what you love.
Grow and develop along a career path designed by you.
Feel Connected – our favorite thing about our workday is each other.
Support one another – no one says, “That’s not my job.”
Celebrate with each other at beer:30, virtual events, and company gatherings.
Be Understood – we are each unique and want to live our best lives at work and home.
Let life happen with My Time Off, a form of unlimited vacation, and up to 12 weeks paid for parental and emergency leave.
Live healthy with complimentary lifestyle and financial coaches, a wellness program, and a comprehensive insurance plan.
Who we want
- Do you have a strong focus on accuracy and thoroughness?
- Are you able to manage multiple projects and deadlines simultaneously?
- Do you have strong interpersonal skills with the ability to work collaboratively across teams?
- Do you act proactively with a strong sense of ownership and accountability?
What you will do
The Corporate Security and Privacy Analyst will be responsible for coordinating and managing IT audits related to HITRUST, SOC2 and SOX, organizing KnowBe4 training sessions and phishing campaigns, facilitating HITRUST certification processes, and conducting ongoing policy audits and assessments. This role ensures that the organization complies with industry standards and regulatory requirements, enhancing overall security posture and minimizing risks.
Key Responsibilities
- SOC2/SOX IT Audits:
  - Coordinate and manage SOC2 and SOX IT audits, including planning, execution, and follow-up.
  - Collaborate with internal teams and external auditors to gather necessary documentation and evidence.
  - Identify and address audit findings, implementing corrective actions as needed.
  - Maintain up-to-date knowledge of SOC2 and SOX requirements and ensure compliance.
- KnowBe4 Training and Phishing Campaigns:
  - Plan, organize, and execute KnowBe4 training sessions for employees.
  - Develop and manage phishing campaigns to assess and improve employee awareness and response to security threats.
  - Analyze campaign results and provide recommendations for improvement.
  - Ensure training materials are current and align with industry best practices.
- HITRUST Certification:
  - Coordinate the HITRUST certification process, including initial assessments, gap analysis, and remediation efforts.
  - Work closely with cross-functional teams to ensure compliance with HITRUST CSF requirements.
  - Maintain documentation and evidence required for HITRUST certification.
  - Monitor changes in HITRUST requirements and adjust internal processes accordingly.
- Policy Audits and Assessments:
  - Conduct regular policy audits and assessments to ensure compliance with internal policies and regulatory standards.
  - Identify areas for improvement and recommend policy updates or new policies as needed.
  - Collaborate with stakeholders to implement and communicate policy changes.
  - Monitor and report on compliance status and risk levels to senior management.
- Risk Management:
  - Perform risk assessments and develop mitigation strategies for identified risks.
  - Maintain a risk register and track the status of risk mitigation efforts.
  - Provide risk management training and awareness to employees.
- Reporting and Documentation:
  - Prepare and present regular reports on compliance status, audit findings, and risk management activities.
  - Maintain accurate and organized records of all compliance and audit activities.
What you need
- Bachelor’s degree in Information Security, Computer Science, or a related field, or relevant work experience.
- 3+ years of experience in IT security, risk management, or compliance roles.
- Strong understanding of SOC2, SOX, and HITRUST requirements.
- Strong understanding of regulatory requirements (HIPAA).
- Experience with KnowBe4 or similar security awareness training platforms.
- Excellent organizational and project management skills.
- Strong analytical and problem-solving abilities.
- Effective communication skills, both written and verbal.
- Ability to travel on occasion for audits and assessments.
Compensation
In the spirit of pay transparency, we are excited to share the base salary range for this position is $90,000-$121,500 exclusive of fringe benefits or potential bonuses. If you are hired at NRC Health, your final base salary compensation will be determined based on factors such as geographic location, skills, education, and/or experience. In addition to those factors – we believe in the importance of pay equity and consider internal equity of our current team members as a part of any final offer. Please keep in mind that the range mentioned above is the full base salary range for the role. Hiring at the maximum of the range would not be typical in order to allow for future and continued salary growth. We also offer a generous compensation and benefits package. For more information on specific benefits, please refer to our Careers Page.
NRC Health is not currently hiring in DE, HI, LA, MD, NJ, RI, D.C.
In general, NRC Health’s positions are closed within 30 days. However, factors such as candidate flow and business necessity may require NRC Health to shorten or extend the application window. We encourage our prospective candidates to submit their application expediently so as not to miss out on our opportunities.
Diversity, Equity, Inclusion & Belonging
At NRC Health, Diversity, Equity, Inclusion & Belonging are essential to our mission as a company devoted to greater Human Understanding. For information about our efforts in this area, please refer to our DEI&B webpage and our Equal Employment Opportunity policy.
Have Purpose. Think Boldly. Feel Connected. Be Understood.