Senior Analyst, Information Security Governance, Risk, & Compliance

Grow Healthy

If you are as passionate about helping those in need as you are about growing your career, consider AltaMed. At AltaMed, your passion for helping others isn't just welcomed - it's nurtured, celebrated, and promoted, allowing you to grow while making a meaningful difference. We don't just serve our communities; we are an integral part of them. By raising the expectations of what a community clinic can deliver, we demonstrate our belief that quality care is for everyone. Our commitment to providing exceptional care, despite any challenges, goes beyond just a job; it's a calling that drives us forward every day.

Job Overview

The Senior Analyst, Information Security Governance, Risk, & Compliance will be responsible for the corporate-wide Information Security GRC program. This person will work closely with Information Services, Office of Compliance and Risk Management (OCRM), Legal, HR, and Procurement to ensure reasonable and appropriate IT controls are in place to minimize risk and ensure compliance with AltaMed's Information Security Policy and Standards, the HIPAA Security Rule, Data Privacy regulations and the Payment Card Industry - Data Security Standards (PCI-DSS). This person will assist with the development, implementation, and maintenance of AltaMed's Information Security Policies, standards, and guidelines, and be an SME for HIPAA, PCI, and Privacy. Additionally, this person will also be responsible for leading vulnerability management efforts, and vendor and risk management programs, including leading the risk-based change management program, liaising with internal/external auditors to ensure audits lead to a successful outcome, and being responsible for the Security Exception/Risk Acceptance process. The position will also manage, maintain, and administer the company's IT Risk Register and Information Security Awareness Training program.

Minimum Requirements

• A bachelor's degree in business, information systems management, or a related field is required.
• A minimum of 5 years of experience in IT audit or IT risk management is required.
• Experience in leading security assessments, IT vendor risk assessments, and InfoSec control management.
• Working knowledge of HIPAA, Privacy, and PCI data requirements, and other state / federal regulatory requirements of sensitive information.
• Experience with application security, SaaS, and/or cloud security is a plus.
• Must hold an active Certified Information Systems Security Professional (CISSP) certification.

Compensation

$121,780.05 - $152,225.07 annually

Compensation Disclaimer

Actual salary offers are considered by various factors, including budget, experience, skills, education, licensure and certifications, and other business considerations. The range is subject to change. AltaMed is committed to ensuring a fair and competitive compensation package that reflects the candidate's value and the role's strategic importance within the organization. This role may also qualify for discretionary bonuses or incentives.

Benefits & Career Development

• Medical, Dental and Vision insurance
• 403(b) Retirement savings plans with employer matching contributions
• Flexible Spending Accounts
• Commuter Flexible Spending
• Career Advancement & Development opportunities
• Paid Time Off & Holidays
• Paid CME Days
• Malpractice insurance and tail coverage
• Tuition Reimbursement Program
• Corporate Employee Discounts
• Employee Referral Bonus Program
• Pet Care Insurance

Job Advertisement & Application Compliance Statement

AltaMed Health Services Corp. will consider qualified applicants with criminal history pursuant to the California Fair Chance Act and City of Los Angeles Fair Chance Ordinance for Employers. You do not need to disclose your criminal history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if AltaMed Health Service Corp. is concerned about a conviction directly related to the job, you will be given a chance to explain the circumstances surrounding the conviction, provide mitigating evidence, or challenge the accuracy of the background report.