Our Mission is to Make Healthcare Right. Together. We are built upon the belief that by connecting and aligning the best local resources in healthcare delivery with the financing of care, we can deliver a superior consumer experience, lower costs, and optimized clinical outcomes.
What drives our mission? The company values we live and breathe every day. We keep it simple: Be Brave. Be Brilliant. Be Accountable. Be Inclusive. Be Collaborative.
If you share our passion for changing healthcare so all people can live healthy, brighter lives – apply to join our team.
SCOPE OF ROLE
Working as part of the Information Security team within the Technology office at Bright Health, the Information Security Analyst 4 will report directly to the Information Security GRC Manager and will be responsible for leading day-to-day IT compliance, data governance, and leading audit activities (internal and external). The role will include primary responsibility for identifying, analyzing, and influencing the management of information risks across the organization in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.
- Perform security and compliance assessments on new and existing systems, processes, and technology.
- Use configuration monitoring systems to run compliance scans on endpoints, servers and network devices.
- Run compliance and metrics reports using configuration monitoring systems.
- Support vendor due-diligence process and help to lead and define overall third-party risk management efforts.
- Work with various business units to identify and facilitate implementation of appropriate controls to effectively manage information risks.
- Lead internal and external audit process for relevant compliance concerns including NIST CSF, SOC 2, and HIPAA requirements.
- Perform periodic gap assessments to validate compliance on an ongoing basis.
- Collaborate to define IT security standards and develop supporting organizational policies.
- Maintain IT/InfoSec risk register and communicate risk findings to risk owners and business leaders.
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
- Train and mentor members of the Information Security GRC Team.
- Other duties and responsibilities as assigned.
EDUCATION, TRAINING, AND PROFESSIONAL EXPERIENCE
- Seven (7) years of relevant work experience required.
- Bachelor’s degree in Information Security or related field; or equivalent work experience required.
LICENSURES AND CERTIFICATIONS
- ISACA, GIAC or (ISC)2 Certification preferred.
We understand patient pain points, eliminating complexity while increasing transparency, for greater access and easier navigation.
We integrate and align individual incentives at all levels, from financing to optimization to delivery of care.