Our Mission is to Make Healthcare Right. Together. We are built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.
What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.
If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.
SCOPE OF ROLE
Working as part of the information security team within the technology office at Bright Health, the Security Analyst 2 will report directly to the Information Security Manager, GRC and will be responsible for leading the day-to-day IT compliance, data governance, and IT risk management functions. The role will include primary responsibility for defining, creating, and managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
- Collaborate to define IT security standards and develop supporting organizational policies.
- Perform security and compliance assessments on new and existing systems, processes, and technology.
- Support vendor due diligence process and help to lead and define overall third-party risk management efforts.
- Work with various business units to ensure controls are adequate, appropriate, and effective.
- Support internal and external audit process for relevant compliance concerns including SOC2, SOX, and HIPAA requirements.
- Perform business impact analysis and assist with the management of IT/InfoSec risk register. Perform periodic gap assessments to validate compliance on an ongoing basis.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- High school diploma or GED required; Bachelor’s degree in related field or equivalent work experience preferred.
- Three (3) or more years of relevant information security experience required.
- Experience in governance, risk management, and compliance within the cybersecurity realm including assisting with security and privacy audits, and managing risk management reports, highly preferred.
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.