Senior Information Technology Compliance Analyst

Alignment Healthcare was founded with a mission to revolutionize health care with a serving heart culture. Through its unique integrated care delivery models, deep physician partnerships and use of proprietary technologies, Alignment is committed to transforming health care one person at a time.

By becoming a part of the Alignment Healthcare team, you will provide members with the quality of care they truly need and deserve. We believe that great work comes from people who are inspired to be their best. We have built a team of talented and experienced people who are passionate about transforming the lives of the seniors we serve. In this fast-growing company, you will find ample room for growth and innovation alongside the Alignment community.

Position Summary:

Our ideal candidate is an experienced IT assurance, IT audit or IT risk lead or manager whose career includes a broad range of hands-on experience working with a variety of business critical applications and IT environments preferably within regulated healthcare companies, including experience with PCAOB regulations, SOC1&2, ITGC's, SOX, HIPAA, HITRUST, PCI compliance and reporting, and internal controls over financial reporting.

General Duties/Responsibilities (May include but are not limited to):

·         Conduct evaluations of IT risks and controls associated with both on premise and cloud infrastructure, and processes relating to HiTrust, SOX, HIPAA, ISO, NIST.

·         Manage 3rd party data exchange relationships to ensure that data protection controls and documentation gaps are satisfactorily addressed.

·         Facilitate regular meetings with business and IT stakeholders to track the progress of ongoing compliance and security remediation and planning efforts.

·         Participate in security tooling and compliance automation implementation efforts.

·         Update, establish and implement information security policy, standards and processes

·         Act as a subject matter expert in understanding regulatory and IT risks, and how compensating controls or mitigating processes affect that risk.

·         Facilitate resolution of IT audit, compliance, and information security-related issues and conduct periodic readiness testing of controls.

·         Provide technical guidance to other DTS team members in managing compliant processes, build and run states.

·         Assist in designing and oversight of technical compliance using vulnerability scans, penetration testing, application and infrastructure code reviews, etc.

·         Evaluate, propose, and leverage resources and solutions where appropriate that are scalable and cost effective including in-house, on premise, cloud, hybrid, hosted, staffing, and sourcing solutions.

Supervisory Responsibilities:

N/A

Minimum Requirements:

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The requirements listed below are representative of the knowledge, skill, and/or ability required.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1.       Minimum Experience:

a.       Minimum of 5 years of hands-on experience in information technology required; demonstrating a steady growth of skills and responsibility around IT internal controls and processes.

b.       Minimum of 2 years of Audit and Compliance experience, including knowledge and experience with PCAOB or HIPAA oriented regulations and requirements.

2.       Education/Licensure:

a.       Bachelor’s degree in a related field, or a minimum of 5 years related experience.

3.       Other:

1. 1. Familiarity with control standards such as PCAOB/SOX, ISO 27001/2, SOC2, COBIT, HIPAA, PCI, NIST, CSA.
   2. Excellent oral and written communication skills; ability to present and discuss technical information in a way that establishes rapport and trust.
   3. Preferred:

                                                               i.      Experience with Microsoft Azure or AWS.

                                                             ii.      Prior experience in the Healthcare or a related HIPAA regulated industry.

                                                           iii.      Experience with audit or compliance within DevOps oriented activities.

                                                           iv.      One or more related GRC certifications or accreditations. (e.g., CISA, CIA, SANS, CISM, CISSP)

                                                             v.      Experience with SaaS, IaaS and other cloud-based platforms and tools.

                                                           vi.      Creation of software development, release and change control processes and reporting.

                                                          vii.      Ability to design and fit agile controls and lead IT audit engagements across many teams.

                                                        viii.      Ability to multi-task and set workload priorities in a fast-paced and changing environment.

1. Work Environment

1. 1. The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Essential Physical Functions:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job.  Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

1. While performing the duties of this job, the employee is regularly required to talk or hear. The employee regularly is required to stand, walk, sit, use hand to finger, handle or feel objects, tools, or controls; and reach with hands and arms.
2. The employee frequently lifts and/or moves up to 10 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.