Analyst, Security - Customer Due Diligence

The Security Analyst – Customer Due Diligence will be responsible for establishing, implementing, and or executing GRC Programs that are designed to effectively assess, represent, and report on the Governance, Risk, and Compliance of Company and associated security policies, standards and guidelines related to all information systems. Responsibilities of this position include the monitoring of compliance to HIPAA, NIST CSF and SOC 2 security requirements, managing third-party engagements to conduct audits including a SOC 2 Type 2 and Combined Security and Compliance Risk Assessments on an annual basis. This individual is responsible to ensure that the security related questions of the customers are answered accurately, completely, and promptly.

The Security Analyst – Customer Due Diligence will be expected to effectively leverage their established subject matter expertise and a high degree of collaboration with multiple teams across the organization to drive progress and to overcome obstacles. This position will be expected to effectively interact with senior leaders across both business and shared services functions.

The Security Analyst – Customer Due Diligence is challenged with evaluating the effectiveness of the state-of-the art security techniques that are employed to maintain the highest level of security for all platforms and applications maintained by the company and translating that information into responses to customers. This individual will leverage expert evaluation to identify gaps, evaluate the risk those gaps could represent to the organization, develop remediation plans, clearly communicate the risks and remediation plans with senior leadership, and collaborate with multidisciplinary and cross-functional teams to remediate those gaps, reporting both internally and with customers as necessary, regarding remediation of any identified items.

• Lead and ensure the successful completion of the SOC 2 Type 2 audit as well as the combined Security and Compliance Risk Assessment, in collaboration with third party auditors and internal resources, on an annual basis.
• Communicate directly with customers to ensure their questions regarding security practices and methodologies of the company are appropriately represented to them. Collaborating internally as needed to obtain any information necessary to satisfy the customers' needs in alignment with company policies and procedures for sharing information externally.
• Collaborate with customers as needed on the tracking and remediation of any items identified for follow up by customers to ensure any concerns are promptly addressed.
• Leverage individual expertise as well as certified third-party opinions to identify gaps, evaluate the risk those gaps could represent to the organization, develop remediation plans, clearly communicate the risks and remediation plans with senior leadership, and collaborate with multidisciplinary and cross-functional teams to remediate those gaps.
• Identify opportunities to improve security management practices in alignment with audit requirements and best practices.
• Keep abreast of “state of the art” security techniques to advise systems designers, users, and teammates on security methods that best implement stated policy and standards.
• Conduct annual IT policy review, collaborating with subject matter experts as necessary to incorporate updates. Recognize and identify areas where existing policies and procedures require change, or where new ones need to be developed, especially regarding future business expansion, recommend ways to improve them to management and lead efforts to implement those plans once approved.
• Maintain awareness of the rapidly changing environment and ensure these changes are accurately captured in internal reports and responses to customers.
• Support the mission of and direction of Information Services both within the department and throughout the corporation.
• Build team spirit by assisting and coaching other staff members.
• Completion of any activities, tasks, and other projects as defined.
• Ensure all changes comply with the Change Management policies and procedures.
• Assist with change and problem management activities to ensure that information security concerns are incorporated into information technology development efforts.

• Education Level: Bachelor’s Degree - Degree must be from an accredited college or university.
• Major: Business Systems, Computer Science, Security Risk Analysis, Cybersecurity, Information Sciences
• Demonstrated experience collaborating with third parties to conduct audits of Information Systems
• Experience delivering, or being a key contributor to enterprise level IT audits (preferably SOC 2 Type 2, NIST CSF)
• Strong understanding of HIPAA, NIST CSF and SOC 2 components and controls.
• Adept at effectively assessing the needs of Security in alignment with Business requirements designing and communicating mutually agreeable solutions that satisfy all stakeholder needs, tracking and reporting on remediation efforts.
• Proven experience making impactful contributions to projects; serving in lead roles on successfully delivered projects while requiring minimal supervision.
• Trusted subject matter expert with a strong history of delivering high quality work product and requiring minimal supervision of tasks.
• SOC 2 Type 2 and NIST CSF experience preferred.

This job requires access to confidential and critical information, requiring ongoing discretion and secure information management.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Concentra is an Equal Opportunity Employer, including disability/veterans