ITSC Security Analyst

About Judi Health Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans, including: Capital Rx , a public benefit corporation delivering full-service pharmacy benefit management (PBM) solutions to self-insured employers, Judi Health™ , which offers full-service health benefit management solutions to employers, TPAs, and health plans, and Judi® , the industry’s leading proprietary Enterprise Health Platform (EHP), which consolidates all claim administration-related workflows in one scalable, secure platform. Together with our clients, we’re rebuilding trust in healthcare in the U.S. and deploying the infrastructure we need for the care we deserve. To learn more, visit www.judi.health . Location: Remote Position Summary : The IT Security Compliance Analyst works collaboratively within the IT department to identify, manage and communicate security risks, implement and monitor security compliance, and respond to audits effectively. Position Responsibilities: Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices. Interface with internal partner teams to help drive best practices and compliance. Evaluate and perform Risk Assessments of new software solutions with internal partners. Drive deployment of new systems/solutions as needed. Write procedure documentation for end users as needed to facilitate process improvement. Help develop IT security training content and drive completion of required security training in collaboration with Human Resources. Respond to complex security questionnaires, RFP/RFI requests, and client audits. Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks. Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges. Perform risk oversight tasks of vendor security compliance. Help run Internal, external and vendor related audits. Conduct security analysis of deployed software. Monitor for risks to the enterprise and to implemented controls Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks. Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates. Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks. Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement. Perform Access Reviews. Required Qualifications: Experience related to duties and responsibilities. Experience working in Governance, Risk, and Compliance. A customer-oriented approach to problem resolution Experience with IT control auditing and compliance. Working knowledge of Software Development Lifecycle concepts and processes Working knowledge of cloud providers with respect to IT Security Compliance controls and practices. General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001 General knowledge of HIPAA and the requirements to protect PHI. Ability to communicate concepts in a concise form to management and cross-functional teams . departments or teams verbally, in writing, and through pictures or diagrams when appropriate. Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude. Highly self-motivated with the ability to prioritize tasks and work independently. Ability to work quickly and efficiently. Desire to work at a rapidly growing organization in healthcare. Expe ... (truncated, view full listing at source)