Your Future Evolves HereEvolent partners with health plans and providers to achieve better outcomes for people with most complex and costly health conditions. Working across specialties and primary care, we seek to connect the pieces of fragmented health care system and ensure people get the same level of care and compassion we would want for our loved ones.Evolent employees enjoy work/life balance, the flexibility to suit their work to their lives, and autonomy they need to get things done. We believe that people do their best work when they're supported to live their best lives, and when they feel welcome to bring their whole selves to work. That's one reason why diversity and inclusion are core to our business.Join Evolent for the mission. Stay for the culture.What You’ll Be Doing:Join our dynamic Information & Cyber Security team as a Governance Risk and Compliance Analyst and contribute to reducing risk and improving the company's security posture. You will be the focal point for all healthcare compliance activities, ensuring the company meets HIPAA, HITECH, contractual requirements, and relevant state laws.Collaboration Opportunities :You will work closely with key stakeholders across the company and its affiliates daily, including IT, legal, and operational teams. This role offers ample opportunities for teamwork and collaboration to enhance our security and compliance efforts.What You Will Be Doing:
Lead and participate in compliance audits : Oversee annual internal and external audits, including ISO, HIPAA, SOC, and HITRUST requirements.
Audit and evaluate security practices : Audit applications, configurations, and internal practices against standards such as HIPAA and HITRUST.
Develop and implement security policies : Collaborate with business units to create and enforce forward-thinking information security policies, standards, and processes.
Ensure regulatory compliance : Maintain Evolent Health’s compliance with industry and regulatory requirements, including HIPAA, HITECH, HITRUST, NIST-800-53, and CMMI.
Documentation and management : Create and maintain documentation to track, manage, and report on compliance notifications, issues, corrective action plans, and audit results.
Perform risk assessments : Conduct continuous gap analysis, identify risks, and perform risk assessments to mitigate potential security threats.
Stakeholder collaboration and corrective actions : Work with business units to ensure corrective actions are taken for compliance deficiencies and highlight risks in contractual obligations.
Respond to security inquiries and manage third-party risks : Address customer security questionnaires, RFP/RFI’s, and manage Third-Party Risk Management assessments against regulatory requirements, generating monthly compliance reports.
Qualifications - Required and Preferred:
2- 3+ years of experience in GRC and certifications in Information Security (CISM, CRISC, CISA). (Required)
Knowledge of HITRUST, ISO 27001, SOC 1 & 2 Type 2 audits, and experience with internal and external ISO 27001 audits. (Required)
Proficiency in risk assessment and treatment methods.
Strong stakeholder management and excellent communication skills (written and verbal). (Required)
Intermediate proficiency in Excel. (Preferred)
Working knowledge of ISO 27001, HIPAA, SOC 1 & 2, and experience in the US healthcare, banking, or regulatory environment. (Required)
Understanding of infrastructure security tools/technologies (e.g., firewalls, IPS, endpoint detection and response, IAM, vulnerability management, DLP, application security, cloud security, incident, and threat management). (Preferred)
Strong interpersonal, presentation, and reporting skills, and ability to communicate with senior management, self-starter in complex situations. (Required)
Technical Requirements:We require that all employees have the following technical capability at their home: High speed internet over 10 Mbps and, specifically for all call center employees, the ability to plug in directly to the home internet router. These at-home technical requirements are subject to change with any scheduled re-opening of our office locations.Evolent is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status. If you need reasonable accommodation to access the information provided on this website, please contact recruiting@evolent.com for further assistance.The expected base salary/wage range for this position is $65,000 - $75,000. This position is also eligible for a bonus component that would be dependent on pre-defined performance factors. As part of our total compensation package, Evolent is proud to offer comprehensive benefits (including health insurance benefits) to qualifying employees. All compensation determinations are based on the skills and experience required for the position and commensurate with experience of selected individuals, which may vary above and below the stated amounts.Don't see the dream job you are looking for? Drop off your contact information and resume and we will reach out to you if we find the perfect fit!For more insights about Evolent Health, click on Life At Evolent (https://www.evolent.com/) to learn more!