
Information Security Governance & Assurance Analyst


Pay: Competitive
Location: Remote
Employment type: Full-Time

This job is now closed

  • Job Description

      Req#: 2357061
      Job Type

      Full-time

      Description

      Overview

      As part of the Information Security team at CareMetx, a leading healthcare technology company, the Information Security Governance and Assurance Analyst will help ensure that CareMetx's information security policies, procedures, and technical systems comply with client, regulatory and legal requirements, as well as industry standards and best practices. The Governance and Assurance Analyst will also engage in and support various internal and external audits including SOC 2, HIPAA Security, client security audits, and vendor security reviews. Working with members of the security, legal and compliance teams, this role will require a blend of technical knowledge, auditing skills, and policy-making capabilities.

      Job Title: Information Security Governance and Assurance Analyst

      Department: Information Security / IT

      Location: Remote

      Reports To: Chief Information Security Officer (CISO)

      Job Summary: As an Information Security Governance and Assurance Analyst, you will be responsible for managing and enhancing the organization's information security governance framework and ensuring compliance with internal policies and external regulations. You will work with the CISO in developing a process for managing the client security audit process. In fulfilling your responsibilities, you will work closely with IT, legal, and business units to identify, assess, and mitigate risks, and to ensure alignment between security policies and business objectives.

      Key Responsibilities:
      • Policy Development and Management:
          • Develop, maintain, and update information security policies, standards, and guidelines in accordance with industry best practices.
          • Ensure that security policies are communicated to all personnel and that compliance is enforced.
      • Assurance Management:
          • Conduct regular security audits, risk assessments, and compliance monitoring activities to ensure adherence to internal policies, standards, and regulatory requirements.
          • Work with external auditors during audits and reviews to represent the organization's information security policies and procedures.
          • Work with internal stakeholders and our clients to support the processing of client security audits and questionnaires.
      • Risk Management:
          • Identify, evaluate, and report on information security risks in a manner that meets compliance and regulatory requirements.
          • Recommend and implement risk mitigation strategies to manage identified risks within acceptable levels.
      • Training and Awareness:
          • Help develop information security training and awareness content to ensure that employees understand their role in maintaining information security.
      • Incident Management:
          • Participate in the investigation and resolution of information security incidents to document, track and ensure follow through with remedial actions in order to implement improvements and prevent future occurrences.
      • Regulatory and Legal Compliance:
          • Stay up-to-date with current and upcoming laws, regulations, and standards affecting information security and privacy to ensure organizational alignment.
          • Assist in the development of compliance and assurance strategies for new regulations.


      Qualifications:
      • Bachelor's degree in Information Technology, Computer Science, Information Security, or a related field.
      • Professional certifications such as CISSP, CISM, CISA, or equivalent are highly desirable.
      • Minimum of 3-5 years of experience in information security, particularly in governance, risk management, compliance and/or assurance.
      • Strong understanding of information security principles, frameworks (e.g., ISO 27001, NIST), and regulations (e.g., GDPR, HIPAA).
      • Excellent communication skills, both written and verbal, with the ability to explain complex security concepts to non-technical stakeholders.
      • Proven ability to manage multiple projects and priorities in a fast-paced environment.

      Physical and Environmental Conditions:
      • This role may require occasional travel to attend meetings, training, or conduct audits.
      • Regular use of computers and other technology for long periods.