IT Risk Management & Compliance Analyst
Imagine a workplace that encourages you to interpret, innovate and inspire. Our employees do just that by helping healthcare payers manage the cost of care, improve competitiveness and inspire positive change. You can be part of an established company with a 40-year legacy that helps our customers thrive by interpreting our client's needs and tailoring innovative healthcare cost management solutions.
Our commitment to diversity, inclusion and belonging is part of the fabric of our company. We strive to create a workplace that fosters mutual respect and collaboration, where every talented individual can participate and perform their best work. We are MultiPlan and we are where bright people come to shine!
Please note: our offices are currently closed due to the pandemic and our employees are working from home. Once our offices reopen, this position will transition to working in either our NYC, Naperville, IL, Arlington, TX, Bedford, MA or Rockville, MD office.
This role is a critical position within the team, and has risk and compliance responsibilities from a technology and cyber security perspective across the IT organization. Working closely with Internal Audit and IT stakeholders across the organization, this position will be responsible for operating and enhancing the audit and assessment portfolio of efforts to streamline evidence collection in support of HITRUST, SOX, SOC and HIPAA.
Your job duties will include the following:
1. Support MultiPlan’s IT Risk Management Program
2. Develop and maintain a centralized evidence repository system in support of various audits and assessments that, at the minimum:
a. Includes commonly asked security questions and answers
b. Provides search functionality
c. Maps to existing audit and assessment frameworks (NIST, HITRUST, HIPAA, SOC, SOX)
d. Includes evidence in support of audits and assessments
e. Provides ability to automate evidence collection and updates
3. Act as primary administrator of the centralized repository system
4. Manage projects to build new functionality, processes, and/or reporting in the centralized repository system, including requirements gathering, configuration, testing, deployment and user training.
5. Develop and maintain all user documentation related to the system, including user guides and system baselines.
6. Obtain and review evidence, ensuring responses to audits and assessments are well documented.
7. Support client security requests (i.e. questionnaires)
8. Assist in audits and reviews of assigned business processes to evaluate adequacy of controls within IT, report on findings and make recommendations for corrections of weaknesses and improvements in operations.
9. Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across IT departments.
10. Utilize audit findings to make appropriate recommendations for the correction of weaknesses within processes and procedures that support the continual improvement in operational procedures.
11. Provide guidance to IT subject matter experts on audit and assessment requests
12. Analyze existing processes to identify inefficiencies and opportunities for improvement.
13. Identify, collaborate, coordinate and communicate opportunities for strengthening IT security throughout the company.
14. Collaborate, coordinate and communicate across disciplines and departments to design, develop and implement security controls and policies.
15. Ensure compliance with HITRUST, SOX, SOC, HIPAA regulations and requirements.
16. Demonstrate Company’s Core Competencies and values held within.
17. The position responsibilities outlined above are in no way to be construed as all-encompassing. Other duties, responsibilities and qualifications may be required and/or assigned as necessary.
18. This role does not require access to PHI