Security Compliance Analyst

Remote: Hybrid

Fortified Health Security http://www.fortifiedhealthsecurity.com
51 - 200 Employees

Job description

Job Summary


The Security Compliance Analyst, reporting to the Manager of Risk Assessment, provides security and compliance assessment and consulting services for healthcare clients. The role demands a working understanding of information security frameworks, standards, laws, regulations, and protocols. Key responsibilities encompass project management, conducting information security assessments, and advising clients on all matters concerning patient health information protection and regulatory adherence.


Essential Job Functions

The following duties are normal for this position. The omission of specific statements of duties does not exclude them from being expected of this position if the work is similar, related, or a logical assignment for this position. Other duties may be required.

  • Under supervision, manage assigned client projects, ensuring clear communication, managed expectations, and timely deliverables.
  • With guidance, conduct on-site Information Security and Compliance assessments using Fortified Healthcare tools and methodology.
  • Assist in developing or providing guidance on Information Security and Compliance policies and processes.
  • Maintain current knowledge of healthcare security and compliance federal and state laws/regulations, and third-party standards, including HIPAA, HITECH, and HITRUST.
  • Ensure the organization's adherence to cybersecurity standards and practices, particularly the HIPAA Security Rule and NIST Cybersecurity Framework.
  • Deliver high-quality, professional client support in information security and compliance via conference calls, on-site meetings, and electronic communications.
  • Manage client expectations and facilitate engagement throughout the assessment process.
  • Contribute to enhancing current services or developing new client offerings with leadership input and guidance.
  • With guidance, develop Corrective Action Plans (Risk Management Plans) following Security Risk Assessments. As agreed upon, develop client-requested documentation such as Policies, Procedures, and similar materials.
  • Identify opportunities within client environments to reduce cybersecurity risks and communicate these internally when applicable.
  • Assist with client presentations for both technical and administrative audiences.
  • Possess foundational knowledge and understand output from security systems such as anti-malware, encryption, and vulnerability scans.
  • Demonstrate basic experience or understanding of report writing and delivery based on security assessment results.


Knowledge & Skills


Education & Experience

  • Bachelor's degree in Cybersecurity, Information Systems, or equivalent experience preferred.
  • Minimum of 3 years of experience in information security consulting, assessment, governance, risk, and compliance required.
  • Prior cybersecurity experience within the healthcare industry preferred.
  • Understanding of potential and emerging cybersecurity threats, vulnerabilities, and control techniques (technical, physical, and administrative).
  • Familiarity with security standards, architectures, frameworks, and best practices such as ISO 27001/27002, NIST Cybersecurity Framework, COBIT, and PCI DSS.
  • Foundational understanding of international, federal, and state regulatory and compliance requirements, including HIPAA, SOX, and GDPR.


Special Skills & Knowledge

  • Strong written and verbal communication skills required.
  • Proven ability to multitask, prioritize, and manage time effectively in a remote setting.
  • Highly motivated self-starter with a drive to deliver excellence in all tasks.


Licenses, Certifications, etc.

Security certifications such as Security+, CC, HITRUST, HCISPP, CISSP, CISM, CISA, CEH, GIAC, CHP, and CHPS are preferred.


Requirements


Supervisory Responsibility

N/A


Working Conditions & Travel Requirements

  • Travel as required, up to 25%.
  • Valid driver’s license
  • A quiet, professional workspace with a reliable high-speed internet connection



Fortified Health Security is an Equal Opportunity Employer. In compliance with the Americans with Disabilities Act, Fortified Health Security will provide reasonable accommodations to qualified individuals with disabilities. If a reasonable accommodation is needed to perform this position, you need to inform the Fortified Health Security People and Culture Team of such request. Signatures below indicate the receipt and review of this job description by the associate assigned to the position and the People and Culture Team.
