Senior Compliance Analyst

Promote activities that secure the sensitive data that is entrusted to <Company> by managing many of our policies and processes:

• Participate in ongoing compliance efforts across a number of frameworks such as HITRUST, HIPAA, ARS, SOC 1/2, CCPA, NIST, and FedRAMP.
• Perform audits and tabletop exercises to test and improve security across <Company>.
• Assist with vendor and customer risk assessments.
• Coordinate employee access rights to sensitive data.
• Help manage Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance requirements.
• Review system-related information security plans throughout the organization’s network to ensure alignment with security best practices and compliance frameworks.
• Partner with engineering and product teams to ensure products in development comply with applicable compliance frameworks.

Help improve the company’s security and privacy compliance stance overall:

• Assist in the creation of policies and compliance standards with <Company> Security, Engineering, IT, and Legal.
• Lead audit walkthroughs and process of audit evidence collection and review for internal and external audit engagements.
• Conduct security and privacy compliance training programs across the organization, including conducting training and information sessions.
• Work with senior Security, Leadership, Product, and Engineering teams, along with Trust, and Legal team members to convert laws, regulations, contractual obligations, and industry best practices into business and functional requirements.

Maintain security and privacy subject matter knowledge of current standards and developments:

• Remain current on advancements in information security and privacy technologies and changing applicable federal and state security and privacy laws and standards to ensure organizational adaptation and compliance.