Lead, Security Compliance Analyst

About Rhapsody: 
Healthcare is innovating and you can be a part of it. Getting data from one provider to another, or from a provider to a health insurance company, is harder than it should be. Our mission is to change this – to accelerate innovation by easing the data access burden. Imagine developing solutions that accelerate digital transformation. This is what we do at Rhapsody. By providing data exchange and data quality solutions that enable information to move seamlessly from one system to another. Whether building an application or using one, every part of the health ecosystem needs Rhapsody as a foundation. 
 
Most people will not ever see our products (that's how infrastructure works) and services during a medical visit. Our solutions run behind the scenes, and you can think of them as a central nervous system helping to move data to accelerate innovation and improve outcomes. If using your knowledge to help solve this important problem sounds rewarding, apply today at rhapsody.health. 
 
What we have to offer you: 
• Comprehensive benefits package on day 1 (medical, dental, vision, life, disability) 
• 401k with a generous company match 
• Unlimited PTO, sick time & volunteer days 
• An innovative, inclusive, and fun work environment 
• Continuous learning and development opportunities 

Job Summary:

The Lead Security Compliance Analyst assists the Chief Information Security Officer (CISO) and VP, Compliance in designing, implementing and supporting the governance of the Information Security Management System (ISMS) to maintain compliance with relevant legal, contractual, and regulatory privacy and security requirements of the organization. The primary responsibilities include managing all information security and privacy policies and procedures, conducting periodic risk assessments, performing internal and external audits, maintaining third-party assurance, monitoring and reporting all areas of non-compliance to management.

Responsibilities:

• Review and update security compliance policies, procedures and related documentation at least annually or earlier if required.
• Research, analyze, and communicate requirements from ISO 27001, HITRUST, SOC2 Type2, Cyber Essentials Plus, HIPAA, GDPR and other regulatory standards to internal and external stakeholders.
• Ensure the success of HITRUST, ISO 27001, SOC2 Type 2, and Cyber Essentials Plus audits with external assessors.
• Organize, maintain, and archive relevant security documentation/artifacts for internal and external parties in SharePoint/OneDrive.
• Coordinate, schedule and perform periodic security risk assessments and internal audits with the assistance of independent consultants.
• Facilitate remediations of identified findings during risk assessments and/or audits by developing mitigation plans and timelines with relevant internal or external stakeholders as required.
• Monitor the progress of the mitigation actions and provide periodic status updates to the management including identifying potential issues that may prevent timely completion of the mitigation projects.
• Complete customer security questionnaires and respond to compliance inquiries from customers.
• Perform vendor security assessments on third parties who have access to Rhapsody data and/or systems, prior to onboarding and annually thereafter.
• Work with internal stakeholders in IT and Cloud Operations to implement periodic information security maintenance reviews to ensure adequacy and effectiveness of security and compliance controls.
• Assist in the development, and testing of the organization’s incident response process.
• Coordinate with consultants and internal stakeholders to conduct periodic Incident Response Tabletop exercises.
• Coordinate with consultants to conduct annual penetration testing of our cloud products and IT infrastructure.
• Report areas of non-compliance and non-conformities to the CISO and VP of Compliance as required.

Qualifications:

• Bachelor's degree in related field
• 3 years of experience relevant to described duties, and success with HITRUST, ISO 27001 and SOC2 Type2 audits.
• Attention to detail and rigorous analytic attitude.
• Excellent presentation, written and verbal communication abilities.

Rhapsody provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.