Search Jobs

QuadMed is looking for an IT Security Analyst to join our QuadMed IT team. This is a remote role with occasional travel.

GENERAL PURPOSE OF JOB

The IT Security Analyst assists the Director of Information Security and Compliance in developing, coordinating, and supporting the overall objectives of QuadMed’s information security, risk management and compliance programs. This includes participating in special projects, developing and implementing information security and compliance auditing and monitoring activities, and identifying opportunities to improve QuadMed’s overall risk posture.

KEY RESPONSIBILITIES

• Conducts reviews of organizational and functional activities, evaluating the adequacy and effectiveness of information technology security controls. (IT General Controls/Splunk/Nessus/3rd Party)
• Performs regular audits and participates in a variety of special projects to improve systems or processes and/or to reduce organizational risks. (IT General Controls, SOC2, PCI, HIPAA)
• Assists with the development of risk and threat matrices to track organizational risks and mitigation efforts. (Scorecards, Security reporting, System vulnerability tracking)
• Coordinates and assists with third party audits and assessments (HIPAA, Risk, DR, PCI, SOC2).
• Assists with security risk assessments for new and current third-party vendors. (VSQ, BDS, SOC 2)
• Collaborates with other departments to implement process improvement or remediation activities as generated by findings from internal / external audits.
• Utilizes reporting tools to identify questionable user behaviors such as inappropriate access, irregular usage patterns, excessive account lock outs or other activities.
• Identifies, prepares and maintains appropriate and required data, records, reports and other documentation relevant to carrying out all the above activities and assists with reporting the business’ performance in these areas.
• Coordinates employee education, awareness, training and testing activities including phish and insider threat testing.
• Actively seeks knowledge of new, automated, or more efficient auditing and monitoring techniques to increase departmental and/or organizational efficiency and effectiveness.
• Helps coordinate the reviews of system documentation, and security or compliance related policies and procedures.
• Performs other duties as assigned to support departmental initiatives as well as overall strategic goals and objectives of the Company.  

JOB REQUIREMENTS

Education:  

• Bachelor’s Degree from a four-year college or university in business, healthcare, information technology, security or a related field required

Experience:  

• The ideal candidate will have at least one (1) year experience in a healthcare setting, most notably in a HIPAA, privacy, security or audit/compliance-related role.

Certificates, Licenses, Registrations:  

• Certifications in areas of healthcare compliance, privacy, security, health information management, risk management assurance, internal auditing, and/or Epic Systems preferred  

Knowledge, Skills & Abilities:  

• Knowledge of healthcare laws and regulations, auditing and monitoring principles, risk management, electronic health record systems and a strong ability to interpret and present multifaceted concepts and analyses.  
• Knowledge and experience with HIPAA and other privacy-related regulations and the application of these regulations in a healthcare setting, or a similar job that required interpretation of complex regulations and communication of same to all levels of workforce.  
• Requires analytical and problem-solving skills to ensure that internal controls, policies and procedures are being followed consistently in order to safeguard the Company’s assets, verify the accuracy and reliability of its data, and promote adherence to the prescribed policies, resulting in recommendations that add value for process improvements throughout all areas of the organization.
• Individual must possess excellent attention to detail, strong writing and verbal communications skills, and be able to make critical decisions based on data analysis.
• Highly collaborative individual with ability to influence others and build strong professional relationships.  
• Maintains a high degree of creditability, independence, integrity, confidentiality and trust.  
• Ability to work independently, make independent judgments and set priorities.  
• Demonstrated ability to research, compile and analyze regulatory and business information, assess compliance or other business risks, and provide feedback as to resolutions or recommendations for process improvement.  
• Proven ability to work effectively with diverse populations and a demonstrated commitment to fostering inclusion.
• May require occasional travel.