Senior Security Analyst
HHAeXchange is the leading technology platform for home and community-based care. Founded in 2008, HHAeXchange was born out of an idea to create a fully comprehensive end-to-end homecare solution to help people who are aging or have disabilities thrive in their homes and communities. Our employees are passionate about transforming the healthcare space by building the only homecare ecosystem that fully connects patients, personal care providers, managed care organizations, and states.
The Security GRC Manager is responsible for leading the Governance, Risk Compliance (GRC) team and the programs within the group. The position is hands-on personnel and program manager role and performs key risk management functions within the Security Governance department. Primary functions include management of client responses, Policy & Standards, Security Vendor Risk program management, Security Awareness, Controls Assurance, Compliance Management, and GRC tool management.
To perform this job successfully, an individual must be able to perform each essential job duty satisfactorily with or without reasonable accommodation. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Essential Job Duties
- Manage the organization's Security risks, risk registers, and treatment plans. Coordinate with business stakeholders and lead point-in-time and annual security risk assessments on SaaS, IaaS, and PaaS products and solutions.
- Lead a team of information security GRC professionals to streamline and accomplish security certifications and attestations covering HITRUST, HIPAA, SOC 1, SOC 2, and NIST 800:53 annually, demonstrating cybersecurity assurance internally and to customers.
- Conduct company-wide security training and awareness programs to educate employees on security best practices and reduce the risk of security incidents.
- Perform security vendor risk assessments to evaluate and manage third-party security risks, ensuring all vendors meet the company’s security standards.
- Handle security inquiries from customers promptly and accurately, enhancing customer confidence in the company’s security posture.
- Manage information security audits to assess and improve the company’s security posture and ensure continuous compliance with industry standards and frameworks. This includes user access reviews and other key security measures.
- Assist in providing executive and board of directors reporting on the company's security status, initiatives, and risk management efforts to ensure informed decision-making at the highest levels.
- Develop and enforce robust security policies and procedures that align with the organization's goals and objectives, ensuring comprehensive security coverage and compliance across all products.
Travel Requirements
- Travel up to 10%, including overnight travel
Required Education, Experience, Certifications and Skills
- 5-8 years of experience within Information Security/Governance
- 3+ years of experience in effectively analyzing data and programs for security risk, compliance, and maturity.
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.
- A degree in Computer Science, IT, Systems Engineering or a related qualification, certification, or experience.
- Expertise with at least one major cloud service provider, AWS preferred.
- Strong knowledge on Security frameworks and technologies such as HITRUST, NIST 800:53, and SOC2 are required.
- Strong knowledge of risk management principles and practices is required.
- Technical writing experience is required.
- Business Intelligence/Analytics (Tableau or PowerBI) is preferred.
- Prior IT Security experience in the healthcare industry experience is preferred.
- Ability to communicate an effective security awareness message throughout the organization.
- Demonstrate ability to create and maintain security policy, standard, guideline, and procedure documents.
HHAeXchange is an equal-opportunity employer. The Company offers employment opportunities to all applicants and employees without regard to race, color, religion, national origin, sex, sexual orientation, gender identity or expression, age, disability, medical condition, marital status, veteran status, citizenship, genetic information, hairstyles, or any other status protected by local or federal law.
The base salary range for this US-based, full-time, and exempt position is $115,000-130,000/yr, not including variable compensation. An employee’s exact starting salary will be based on various factors including but not limited to experience, education, training, merit, location, and the ability to exemplify the HHAeXchange core values.
This is a benefits-eligible position. HHAeXchange offers competitive health plans, paid time-off, company paid holidays, 401K retirement program with a Company elected match, including other company sponsored programs.