Security Compliance Analyst
Crossover Health
About Crossover Health
Crossover Health is creating the future of health as it should be. A national, team-based medical group with a focus on wellbeing and prevention that extends beyond traditional sick care, the company delivers an entirely new model of healthcare—Primary Health—built on the foundation of trusted relationships, an interdisciplinary care team approach, and outcomes-based payment. Crossover’s Primary Health model integrates primary care, physical medicine, mental health, health coaching, care navigation and more, and delivers care in surround-sound—in-person, virtually and via asynchronous messaging. Together we are building a community of members that embraces healthcare as a proactive part of their lifestyle.
Job Summary
This role is critical to Crossover’s security and compliance efforts. The ideal candidate will thrive in an environment where every day brings opportunities to learn new technologies and work on projects small and large. This role will focus on Third-Party Risk Management and will be responsible for performing annual and new vendor risk reviews, and supporting internal and external audits including SOC2 and HITRUST Certifications.
Job Responsibilities
Perform security vendor risk assessments to evaluate third-party security risks, ensuring all vendors meet Crossover Health’s security standards
Assist with third-party security audits, including HITRUST and SOC2, by collecting and reviewing evidence, supporting internal control owners, and coordinating with assessors.
Serve as an advisor to TechOps, DevOps, Engineering, HR, and other business units to ensure teams are aware of, and understand, compliance requirements that impact their department
Monitor the organization's security risks, risk registers, and treatment plans. Coordinate with business stakeholders and auditors to perform point-in-time and annual security risk assessments
Monitor compliance with Crossover Health’s policies and procedures
Assist with internal security risk assessments and communicate findings to stakeholders.
Identify policy and process improvement opportunities, develop recommendations, and communicate with stakeholders collaboratively
Respond to customer security questionnaires
Provide high quality written and verbal reports as required
Perform other duties as assigned
Required Qualifications
2+ years experience in an IT, security, compliance, audit or development role
Internal audit and/or compliance experience
Knowledge of core security controls and systems such as risk analysis quantification and points of escalation
Strong understanding of information security principles, including risk assessment and mitigation strategies.
A broad understanding of Information Security technologies, programs and systems
Ability to coordinate large-scale projects such as annual security audits
Demonstrated excellence in organizing, prioritizing, and multitasking in a fast-paced environment
Excellent verbal and written communication skills to speak across multiple audiences
Excellent analytical and problem-solving skills in the context of information security.
Ability to work independently, as well as in a team environment
Continuously seek and embrace opportunities to build upon your skills and knowledge
Strong organizational and problem solving skills
Preferred Qualifications
Prior experience conducting SOC, ISO, PCI and/or SOX audits.
Experience running a vendor risk management program or conducting vendor risk assessments
Knowledge of cloud technologies and IaaS, PaaS, and SaaS platforms
Experience writing and reviewing formal policies and procedures
Working knowledge of federal and state healthcare regulations such as HIPAA
Working knowledge of privacy laws and regulations such as GDPR & CCPA
Prior experience working in healthcare and/or software
Security related certifications, such as CISA, CISM, CISSP, CRISC, and/or other professional certifications
Crossover Health is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at careers@crossoverhealth.com.
To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.