The IT Risk and Compliance Analyst will support EDCO’s overall risk management and compliance efforts. The primary focus will be on efforts related to HITRUST, SOC 2, and HIPAA compliance, in addition to the responsibilities listed below.
- Assess compliance with policies, standards, and regulations through the performance of risk assessments and controls testing and provide recommendations related to non-compliance areas requiring remediation.
- Support coordination of internal and external audits with IT process owners and other key stakeholders, including facilitating evidence collection and other requests from audit teams related to SSAE16 SOC2-Type 2, HIPAA, and HITRUST.
- Monitor the existing risk and controls framework for emerging risks, including evaluating their applicability to the company and providing control recommendations where applicable.
- Identify improvement opportunities and provide recommendations to further mature existing IT processes and controls to align with best practices, including the use of automation and optimization.
- Assist in educating and training individuals across the organization, including control and process owners, on compliance concepts, requirements, and responsibilities, and establish awareness of the role of the overall compliance function.
- Guide and assist departments in understanding and implementing security controls.
- Participate in the third-party risk management program.
- Participate in business continuity management.
- Maintain policies, standards, and guidelines.
- Additional duties may include vulnerability management, incident management, and incident response support.
- Bachelor’s degree in Information Security, Computer Science, Information Systems, or equivalent years of experience in related areas.
- Minimum three years’ experience in one or more of the following areas: IT Compliance, IT Audit, IT Risk Management, IT Governance, IT Support.
- Experience with the monitoring and evaluation of technology processes and controls, including design and operating effectiveness testing and reporting on results and recommendations, is required.
- Experience with creating and maintaining high-quality documentation related to IT processes, including flow charts and data flow diagrams, is required.
- Possession of, or the ability to obtain within 1 year, one of the following professional designations is preferred: CISA, CISSP, CRISC, CGEIT, CISM.
- Knowledge of and experience with regulatory frameworks and compliance standards such as SSAE16 SOC2, COBIT, NIST, ISO, HIPAA, HITRUST, PCI, etc., is beneficial.
- Experience with performing technical risk assessments, analyzing risk, and recommending risk mitigation strategies is beneficial.
- Ability to work and collaborate effectively with executives, technical subject matter experts, and internal/external auditors in gathering information and demonstrating compliance with standards.
- Strong project management and organizational skills, with a demonstrated ability to complete assignments in a timely and effective manner.
- Effective written and oral communication skills.
- Strong personal organization skills, including the ability to prioritize multiple tasks and workloads, delegate, and set and accomplish goals.
EDCO Health Information Solutions provides a combination of software, services, and process knowledge to optimize the management of health information in acute and ambulatory settings throughout North America. By leveraging Solarity technology, EDCO has enabled healthcare facilities to maximize efficiencies, reduce cost, and streamline health information to improve patient care. For more information, go to www.solaritybyedco.com.
EDCO is an equal opportunity employer.