IT Auditor-Security Compliance Analyst (Contract)
- Job Title: IT Auditor-Security Compliance Analyst (Contract)
- Location: Troy, MI 48083
Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities extending from help desk technicians to CIOs. We are also capable of offering project-based work.
Information Security Compliance Analyst
Conexess is looking for an Information Security Compliance Analyst for our client in Troy, MI. This is a 4-6 month contract with potential to be extended. The Information Security Compliance Analyst will be responsible for implementing, monitoring and assessing the state of security controls designed to protect patient and company information. The analyst will assist in evaluating, assessing, and monitoring the organization's compliance with applicable information security standards and frameworks, industry best-practices and guidelines, and applicable laws and regulations. The analyst will also help coordinate and maintain the organization's information security program, and assist staff in implementing security policy objectives in ways that align with business objectives.
· Lead the effort of building the security compliance program using the HITRUST Common Security Framework as the foundation while ensuring that HIPAA Security requirements, PCI requirements, and other audit requirements are met.
· Implement and maintain IT security controls, including IT security policy changes required by technical, business, or compliance changes; review and develop policies, procedures, and standards.
· Facilitate annual security compliance reviews and audits.
· Help Finance department leadership maintain PCI compliance documentation.
· Participate in the development of the Information Security Awareness Program, including reviews and updates to New Employee Orientation.
· Provide identity access governance to ensure user access is appropriate and in compliance with standards.
· Assist in the assessment and review of new and existing technology infrastructure to ensure adequate levels of control are in place to address identified risks and develop risk mitigation techniques and processes when necessary.
· Develop, implement, and maintain IT compliance controls, including reviewing existing controls for regulatory updates and performing necessary gap analysis.
· Design and execute compliance tests for IT systems and coordinate required remediation and corrective action plans.
· Conduct risk assessments on business and operational processes, procedures, and policies; interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports, as necessary.
· Stay informed about current security and privacy laws and provide guidance to the team when evaluating new projects; and perform other duties as assigned.
· Bachelor’s degree or equivalent work experience in a technical discipline related to Information Technology.
· Minimum of 6+ years of progressive experience in audit and compliance, including 4 years in information technology shared services.
· Minimum of 3 years’ experience in healthcare highly desired.
· Strong working knowledge of common IT security regulations and/or standards, such as NIST 800-53/Cybersecurity Framework, ISO 27001/2, HITRUST, CIS Benchmarks, and PCI DSS.
· Industry-recognized certification in IT Security, including one of the following, is preferred: CISM, CISSP, CISA, CRISC, and/or GIAC.
· Strong understanding of IT governance controls, including working knowledge of GRC tools.
· Must understand the current security threat model and demonstrate a strong willingness to stay at the forefront of security developments.
· Strong analytical and decision-making skills, including the ability to prioritize and work on multiple projects under time constraints.
· Ability to work independently as well as in a team environment, including multi-level staff and external partners.
· Excellent interpersonal and communication skills (written and verbal).
· Experience with change management, continuous improvement and Lean principles.