Sr. Risk and Compliance Analyst at Abacus Insights
Abacus Insights is a mission-driven, start-up technology company that is focused on improving health outcomes, lowering the cost of healthcare, and delivering a more seamless healthcare experience. At our core, we are passionate about advancing healthcare and improving people’s lives through technology.
With our deep expertise in cloud-enabled technologies and knowledge of the healthcare industry, we have built an innovative data integration and management platform that allows healthcare payers access to data that has been historically siloed and inaccessible. Through our platform, these health insurance payers can ingest and manage all the data they need to transform their business by supporting their analytical, operational, and financial needs.
Through this mission and passion to aid people and population health, we have built a highly successful SaaS business that is heavily funded (since our founding in 2017 we have raised over 18 million) by leading VC firms with deep expertise in the healthcare and technology industries. At Abacus, we are solving problems of massive scale and complexity in an industry that is not only ripe for disruption but requires innovation. We see massive growth in our future and would love for you to be a part of it!
As Abacus prepares for its next phase of growth and continues to expand its customer base, we have recognized the need for a Senior Risk and Compliance Analyst. This role will play a critical part in helping to build and ship secure products with velocity, while protecting critical customer production and corporate infrastructure.
The role of Senior Risk/Compliance Analyst will include the following responsibilities:
- Establish the company compliance and risk charter and function
- Lead Information Risk and Compliance projects by coordinating activities and timetables with business units
- Maintain the schedule of activities required for compliance and assist in the completion of these activities
- Prepare and maintain Information Systems and compliance policies, procedures, standards, and guidelines
- Collaborate with company functions to implement procedures and gather supporting evidence
- Curate, develop, review, and administer information security awareness and training material for compliance obligations
- Use MyCSF for self-assessments and for managing compliance and risk maturity
- Perform gap analysis on existing policies and procedures relating to information security, acceptable use, secure development standards, and other applicable areas based on risks, current threats, and industry best practices
- Propose additional policies, or changes to existing policies, based on identified gaps
- Support HITRUST, Service Organization Control (SOC 2), and internal audit requirements and activities by assisting in the planning and execution of assessments to minimize disruption to business processes and operational systems
- Support efforts to gather documentation and supporting evidence, and facilitate external and internal audit requests
- Manage remediation activities arising from assessments, audit findings, and compliance-related issues
- Conduct security audits, review security risk assessments, and make recommendations for security improvements in existing applications, networks, technologies, and processes, or to achieve compliance with applicable regulations relating to research data and information
- Assist with customer audits in collaboration with the Sales/Services teams and support maintenance of a database to facilitate timely responses
- Assist with security/compliance evaluations of third-party vendors
Qualifications for this role include the following:
- Bachelor’s degree with 5 years of assessment experience, including experience in Information Security or Audit and in Information Security Risk or Compliance Assessment, OR an equivalent combination of education and training totaling 4 years with an additional 7 years of experience in Information Security and Information Security Assessment
- Knowledge of risk assessment design and delivery
- Knowledge of / experience working with AWS Cloud technologies/environments
- Familiarity with relevant security frameworks such as HITRUST, SOC 2, FedRAMP, ISO 27001, GDPR, PCI, etc.
- Proven experience building productive relationships with Technical Operations, Security Operations, Incident Response, Technical Compliance, and other stakeholders
- Ability to prioritize and multitask; flexibility and adaptability in work approach
- Strong written and verbal communication skills
- Professional security management certification: CISSP or CISA preferred
- Past experience in audit participation and certification is desirable