Information Security & Technology Associate
At Vault, we believe quality healthcare is a human right. Our mission is to make better health outcomes more accessible and affordable for everyone. Our platform makes this possible by bringing remote diagnostics and specialty care to patients in their homes, on their home screens, and within their hometown communities—wherever they choose. We are reimagining the 21st-century healthcare experience for patients, practitioners and providers—making the promise of better health more attainable through our end-to-end healthcare platform.
About the Opportunity
We're looking for an Information Technology Associate to join our team. You'll work closely with the IT Compliance Program lead and Third-Party Risk Management (TPRM) lead to maintain a consistent, reliable compliance program for the organization. This includes assisting in security risk assessments and working with organizational leaders and vendors to verify controls are in place, as well as reporting on control activities, supporting regular internal and third-party audits of controls, and working to facilitate resolution of compliance and control gaps in a timely manner. You'll also assist with regulatory and company mandatory training program management.
- Perform information security compliance activities, including daily, weekly, quarterly and/or annual control tasks and task reviews.
- Assist with security risk assessments, including performing internal assessments and responding to external assessments.
- Reviews and provides approval for periodic User Access Reviews of user and system accounts, security/access roles, and access permissions to information assets.
- Partner with stakeholders (Operations, Finance, HR, Cybersecurity, Engineering, Sales, Legal) to effectively coordinate the execution of SOC controls and third-party controls.
- Creating, communicating, and maintaining policies, procedures, and training “How-To’s” for IT Compliance including TPRM / Vendor Risk Management.
- Works with the Third-Party Risk Management / Vendor Risk Management lead to perform TPRM vendor risk assessments and track the status of the TPRM work products.
- Work with Third Parties to track open findings to closure through review of supporting documentation including the preparation and distribution of assessment reports.
- Understands and provides guidance on Data Classification, Data Protections and the associated risks for vendors and systems that store and process regulated and sensitive data.
- Maintains system records in the Governance, Risk, and Compliance (GRC) system and ticketing systems as needed.
- Meets scheduled milestones to ensure project/program objectives are met in a timely manner.
- Performs other duties as assigned.
- Support the development of monthly KPI and KRI metrics around the GRC program.
- Minimum of 2 years of experience in a Cybersecurity, IT compliance or IT Audit position
- BA/BS degree preferred, not required
- CISA, CISSP, CRISC, CPA or similar certifications are highly desirable
- Hands-on experience with GRC systems is desirable
- Knowledge of SOC controls (System and Organization Controls) and/or HIPAA compliance is desirable.
- Project management experience
- Proficiency in MS Excel, data analysis and reporting
- Experience working in a remote position, must be a self-starter, inquisitive and always looking for better ways of doing things
- Highly service oriented, champion for change, self-motivated, excellent written and verbal communication, excellent crisis management skills, team member development
- Proactive, wants to build relationships with the business and help them have the best user experience
- Ability to audit and assess operational processes and work products against the control frameworks and objectives including SOC 2 and HIPAA
- Ability to clearly and effectively express information or ideas to individuals or groups in a variety of ways (verbal, nonverbal, written, and visual). Includes understanding when and how to adapt messages for different audiences as well as listening to others’ instructions, ideas and intentions, attending to nonverbal cues, and responding appropriately
- Ability to systematically apply techniques to describe, illustrate, condense, summarize, and evaluate data. Includes the synthesis and analysis of various types of data to reach a decision, make a recommendation, or compile reports, briefings, executive summaries, and other correspondence to support organizational work, goals, and plans
- Understands and guides others in the proper handling of data to protect individuals’ privacy (Personally Identifiable Information (PII), Protected Health Information (PHI)) and other sensitive, restricted or regulated data and information, including addressing whether and how data is shared and with whom; how data is collected and stored; and legal and regulatory compliance
- You are a people person who develops relationships with others in order to work effectively. Includes being sensitive to and inclusive of cultural diversity, race, gender, disabilities, and other individual differences as well as considering and responding appropriately to the needs, feelings, and capabilities of customers and colleagues (subordinates, peers, and superiors).
- Strong knowledge and awareness of and compliance with laws, regulations, policies, and ethics that can impact organizational activities
Vault Health is an equal opportunity employer. All applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, national origin, age, disability, or veteran status.