Information Assurance and Compliance Analyst at CirrusMD Inc.
Who We're Looking For:
We are looking for an experienced Information Assurance and Compliance Analyst to contribute to our mission of redefining the healthcare experience for patients and providers. We are seeking to add a talented Information Assurance and Compliance Analyst to join our team. This role requires a high degree of technical cyber security experience. This person will be responsible for all security-related tasks, including day-to-day administration of different information security tools and devices and configuration and fine-tuning of tools to improve effectiveness in security event monitoring. This position will support our Federal security programs and initiatives. This person will also perform regular security analyses and update security-related policies and procedures as necessary.
This position can be remote anywhere in the U.S., with the flexibility to work from our Denver HQ as you'd like. Please note that no matter where you are located, all employees should be available during our core working hours from 9 am to 4 pm MDT Monday through Friday. The salary range for this role is 90,000-115,000/year. Actual pay may vary based on job-related skills, qualifications, certifications, and experience. This role may also be eligible for a discretionary bonus in addition to equity incentives and a comprehensive benefits package.
What You'll Accomplish:
- Lead risk assessment processes and oversee implementation of security plans to meet customer and regulatory requirements.
- Develop System Security Plans (SSP), including Security Concept of Operations, Risk Management Matrix, Security Control Traceability Matrix, Security Test Procedures, and Plan of Action and Milestones (POAM)
- Conduct internal information security audits around ISO 27001/2, SOC2, HITRUST and FedRAMP security controls
- Communicate regularly with stakeholders on security compliance issues and status of remediation, and assist in generating reports and metrics on the overall state of the program
- Work with Project Managers ensuring appropriate information security policies, standards, procedures, and guidelines are being incorporated across services and infrastructure
- Manage and track remediation of identified risks and vulnerabilities and provide appropriate reporting to all interested parties
- Experience with Enterprise Governance, Risk Management, and Compliance (GRC) tools
- Experience with event monitoring and alerting tools such as AlertLogic, Stackdriver, and Splunk
- Working knowledge of security regulations, standards, and frameworks, including but not limited to ISO27000, SOC2, GDPR, and NIST
- Excellent written and verbal communication skills with the ability to accurately communicate security and risk-related information to technical and non-technical audiences
- Experience in developing, documenting and maintaining security procedures.
- Knowledge of network infrastructure and security, including routers, switches, firewalls, and associated network protocols and concepts.
- Knowledge of security auditing techniques.
- Knowledge of computer control environments.
- Strong knowledge of technology and security topics including network security, wireless security, application security, infrastructure hardening and security baselines, web server and database security.
- Strong written and verbal communication skills.
- Ability to clearly and effectively communicate concerns, issues and research to other teams.
What Will Make You Stand Out:
- Bachelor's Degree in Computer Science, Engineering, or other Engineering or Technical discipline or equivalent relevant experience.
- 5+ years of experience in IT Security Strategy, Risk Management, IT Audit and Compliance
- CISSP certification
- Extensive experience with AWS
- Experience with Government Security Requirements as outlined in NIST guidelines
- Experience with Risk Management Framework processes
- Experience managing resources performing multiple project related tasks
- Excellent customer-facing communication skills
- Strong time management and analytical skills
- A reputation for superb communication skills with other engineers and teammates
- You have a reputation for a high level of craftsmanship about your work
Who We Are:
Based in Denver, CirrusMD is the nation's leading virtual care platform, delivering a chat-first, multi-modal, data-driven experience that gives providers, payers and employers the ability to offer high-touch, personalized healthcare to their members or employees. Founded in 2012, CirrusMD helps our customers create happier, healthier, and more engaged patients by giving them access to on-demand virtual care solutions that they love to engage with. Our chat-powered care delivery platform connects patients to a dedicated, board-certified physician in under 60 seconds from any web-enabled device, with no cost and no time limits attached. CirrusMD enables a stress-free, human care conversation that doesn't end until members get the answers (and peace of mind) they need to manage their wellness.
Why Work at CirrusMD?
CirrusMD is quickly transitioning from a startup to a highly recognized healthcare industry disruptor. If you are looking to make a lasting impact where your voice matters, consider joining our team and help us deliver care without barriers. We offer an exceptional benefits package including health, dental and vision, 401k with match, flexible vacation and remote work policies, competitive salaries, stock options and more.
CirrusMD is committed to creating a diverse and inclusive workforce and is proud to be an equal opportunity employer. We aim to create a workplace that celebrates the diversity of our employees, users, and customers. We strive to deliver products and services that work for everyone by including perspectives from backgrounds that vary by race, ethnicity, social background, religion, gender, age, disability, sexual orientation, veteran status, and national origin. We are particularly focused on ensuring women and BIPOC are equally represented across all positions, including management. Our focus is on advancing, cultivating, and preserving a culture of diversity and inclusion, as it directly aligns with our mission to provide access to affordable and personalized health care for everyone.
Notice to recruiters and placement agencies: If you are a recruiter or placement agency, please do not submit resumes to any person or email address at CirrusMD prior to having a signed agreement with Human Resources. CirrusMD is not liable for and will not pay placement fees for candidates submitted by any agency other than its approved recruitment partners. Also, any resumes sent to us without an agreement in place will be considered your company's gift to CirrusMD and may be forwarded to our Talent Acquisition team.