ITSC Security Analyst

About Judi Health

Judi Health is an enterprise health technology company providing a comprehensive suite of solutions for employers and health plans, including:

• Capital Rx, a public benefit corporation delivering full-service pharmacy benefit management (PBM) solutions to self-insured employers,

• Judi Health™, which offers full-service health benefit management solutions to employers, TPAs, and health plans, and

• Judi®, the industry’s leading proprietary Enterprise Health Platform (EHP), which consolidates all claim administration-related workflows in one scalable, secure platform.

Together with our clients, we’re rebuilding trust in healthcare in the U.S. and deploying the infrastructure we need for the care we deserve. To learn more, visit www.judi.health.

Location: Remote

Position Summary:

The IT Security & Compliance Analyst works collaboratively within the IT department to identify, manage and communicate security risks, implement and monitor security compliance, and respond to audits effectively.

Position Responsibilities:

• Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices.

• Interface with internal partner teams to help drive best practices and compliance.

• Evaluate and perform Risk Assessments of new software solutions with internal partners.

• Drive deployment of new systems/solutions as needed.

• Write procedure documentation for end users as needed to facilitate process improvement.

• Help develop IT security training content and drive completion of required security training in collaboration with Human Resources.

• Respond to complex security questionnaires, RFP/RFI requests, and client audits.

• Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks.

• Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges.

• Perform risk oversight tasks of vendor security compliance.

• Help run Internal, external and vendor related audits.

• Conduct security analysis of deployed software.

• Monitor for risks to the enterprise and to implemented controls

• Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks.

• Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates.

• Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks.

• Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement.

• Perform Access Reviews.

Required Qualifications:

• Experience related to duties and responsibilities.

• Experience working in Governance, Risk, and Compliance.

• A customer-oriented approach to problem resolution

• Experience with IT control auditing and compliance.

• Working knowledge of Software Development Lifecycle concepts and processes

• Working knowledge of cloud providers with respect to IT Security & Compliance controls and practices.

• General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001

• General knowledge of HIPAA and the requirements to protect PHI.

• Ability to communicate concepts in a concise form to management and cross-functional teams. departments or teams verbally, in writing, and through pictures or diagrams when appropriate.

• Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude.

• Highly self-motivated with the ability to prioritize tasks and work independently.

• Ability to work quickly and efficiently.

• Desire to work at a rapidly growing organization in healthcare.

• Experience working with remote users in a distributed environment.

• Experience with Office 365 suite, Atlassian suite, Vanta (or other GRC tools).

• Experience with any major cloud platform (AWS, Google, Azure) is preferred.

Preferred Certifications:

• CCSK

• CCAK

• CISA

• AWS Cloud Practitioner

• SANS certificates

This range represents the low and high end of the anticipated base salary range for the NY - based position. The actual base salary will depend on several factors such as: experience, knowledge, and skills, and if the location of the job changes.

Salary Range
$125,000—$140,000 USD

All employees are responsible for adherence to the Capital Rx Code of Conduct including the reporting of non-compliance. This position description is designed to be flexible, allowing management the opportunity to assign or reassign duties and responsibilities as needed to best meet organizational goals.

Judi Health values a diverse workplace and celebrates the diversity that each employee brings to the table. We are proud to provide equal employment opportunities to all employees and applicants for employment and prohibit discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, medical condition, genetic information, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

By submitting an application, you agree to the retention of your personal data for consideration for a future position at Judi Health. More details about Judi Health's privacy practices can be found at https://www.judi.health/legal/privacy-policy.