We are CONNECTING HEALTH AND WEALTH. Come be part of remarkable.
How you can make a difference
We are looking for a passionate Senior IT Compliance Analyst to join our team in Draper, UT. You will report to the IT Services Manager, work closely with Internal Audit, and be responsible for managing all IT-related aspects of client assurance (questionnaires, agreements and audits). As a key risk advisor, you will address IT issues and processes that affect both current and future system architectures in scope for HITRUST, Sarbanes-Oxley, PCI DSS, FedRAMP, SOC 1/SOC 2, etc. You will have proven experience on both sides of the audit and assessment process: how to test controls and how to design them specifically for IT operations. You will review the design of existing controls, offer ideas for improving and consolidating them, educate and inform others within the organization, and identify opportunities to improve existing processes.
What you’ll be doing
- Provide consultative advice to internal customers in the areas of risk management and technology and business process security controls, enabling them to make informed risk decisions, develop acceptable risk mitigation strategies and documented processes, and achieve control compliance.
- Facilitate and carry out HITRUST, SOC 1/SOC 2, ISO 27001, FedRAMP, SOX and PCI DSS compliance and certification audit engagements, including data/artifact collection, exception remediation and monitoring.
- Assist with security risk assessments on new or existing IT products, services, and technologies to analyze controls, identify and evaluate mitigating control opportunities and assign residual risk using the organizational risk management methodology. Support the development and execution of enterprise-level IT risk assessments.
- Assist in, or potentially lead, the identification of business process improvements, and partner with technology and business stakeholders to identify pragmatic approaches to compliance readiness and testing.
- Manage the assessment and remediation of IT control deficiencies through collaborating with auditors and control owners to perform root cause analysis, design remediation plans, and update control design documentation.
- Support IT management by acting as a liaison between internal/external auditors and IT control owners. Participate in control walkthroughs, assist in gathering audit evidence requests, and coordinate follow-up requests.
- Directly gather evidence such as domain password policies, database audit configuration and backup job details from production systems, and be able to perform these tasks in real time while screensharing with auditors.
- Develop and maintain metrics for the compliance dashboard showing effort vs. workload and follow-up tasks/pending items for customer compliance on a monthly basis, and support the IT Services Manager in presenting them at management meetings.
- Ensure that all employees within business units are made aware of compliance requirements and are prepared for assessments according to their respective role in information security.
- Develop, maintain and deliver IT Governance/Compliance Awareness Training to over 3,000 team members.
- Provide coaching and mentorship to more junior team members.
What you will need to be successful
- Degree in information security, information technology or related discipline or equivalent experience
- 5+ years of experience in IT audit and/or compliance with a concentration on ISO 27001, specifically experience leading a Cloud Service Provider through the ISO 27001 certification process
- 3+ years of hands-on technical experience with Windows Server, Linux, Oracle and SQL Server, at a level sufficient to demonstrate control evidence directly to auditors
- At least one of the following certifications (preferred): ISO 27001 Lead Auditor, CISA, HIPAA Expert, SOX Expert Certification
- Extensive knowledge of at least one industry standard or best-practice framework such as SOC 1, SOC 2 Type II, ISO/IEC 27001 certification, HIPAA compliance, HITRUST or PCI DSS
- Extensive exposure to and knowledge of information technologies and IT security best practices
- Extensive experience establishing information security risk management, governance, compliance and audit programs from scratch across different regions and business units, and bringing them to maturity within two years
- Excellent business communication skills
- Ability to work autonomously or as part of a team, within targets and deadlines
- Must be willing to travel
Benefits and perks
- Medical, Dental, Vision
- 401(k) match
- Paid Maternity/Paternity leave
- Ongoing education
- Tuition Assistance
- Gym/Fitness Reimbursement
- Purple with Purpose (paid volunteer time off)
- HSA contribution and match
- On site Lunch and Learns
- Award winning Wellness Program
- Consumer Driven Healthcare (CDH) education
Why work for HealthEquity
HealthEquity has a vision that by 2030 we will make HSAs as widespread and popular as retirement accounts. We are passionate about providing a solution that allows American families to connect health and wealth and build health savings for life. Through our innovative technology and superior service delivery, our members gain valuable insights to better save and spend their healthcare dollars.
We firmly believe that our team members drive the success of this company. We hire passionate contributors who enjoy the thrill of developing their positions to their full potential. Join us and discover a work experience where the person is valued more than the position, and where our purple culture drives a remarkable experience.
Our advice to you
HealthEquity is fiercely focused on hiring passionate individuals to contribute to our purple culture. If you speak passion, excellence, service, ambition, fun… we want to speak with you! We believe that your personality is as important as your experience and qualifications so when we do have the opportunity to speak together, be authentic, be genuine, be you! Showcase your experience and your passion.
HealthEquity, Inc. is a proud promoter of equal opportunities for training, compensation, transfer, promotion and other aspects of employment for all qualified applicants and employees. HealthEquity, Inc. supports Equal Employment Opportunity in hiring without regard to sex, race, color, religion, national origin, age, disability, sexual orientation or veteran status, in accordance with federal, state and local laws.