Cybersecurity Assurance Analyst

Company Description

Privia Health™ is a technology-driven national physician enablement company that collaborates with medical groups health plans and health systems to optimize physician practices improve patient experiences and reward doctors for delivering high-value care in both in-person and virtual settings. The Privia Platform is led by top industry talent and exceptional physician leadership and consists of scalable operations and end-to-end cloud-based technology that reduces unnecessary healthcare costs achieves better outcomes and improves the health of patients and the well-being of providers.

Job Description

Reports to the Sr. Manager of IT Audit & Security. The Cybersecurity Assurance Analyst will be responsible for ensuring IT systems and procedures are secure compliant with HIPAA SOX and HITRUST and aligned with industry best practices. They have experience in EMR IAM IGA and access review tools with strong analytical skills for identifying and addressing security risks. The Cybersecurity Assurance Analyst collaborates with teams to ensure compliance with evolving security policies and workflows focusing on access vulnerabilities. They assist in documenting governance processes and designing policy for approval workflows privileged access management and lifecycle management. Additionally the Cybersecurity Assurance Analyst supports the design implementation and refinement of SOX-related controls user access reporting and quarterly audits.

• Assist with regular audits of user access controls including reviewing user access requests and access logs and producing audit reports to ensure that access is appropriate and in line with company policies and regulatory requirements.

• Assist with implementing and revising identity governance policy using IGA tools and technologies to ensure that privileged/admin access and non-privileged access are appropriately differentiated with an emphasis on SOD analysis and controls.

• Design implement and test SOX controls related to user access and data security with a focus on compliance with SOX and other relevant security regulations.

• Support the Access and Data Management where needed with a primary focus on the security policy of user provisioning across multiple systems emphasizing separation of duties (SOD) analysis and controls.

• Other duties as assigned.

Qualifications

• 5+ years of experience in security including knowledge of healthcare regulatory frameworks IDS/IPS devices and experience with audit tools to perform user access audits and produce audit reports. Familiarity with SOX-related auditing strongly preferred.

• 5+ years of experience in technical project management

• 3+ years of experience or close collaboration with access and data management/user provisioning with a focus on lifecycle management.

• Experience in a healthcare environment is strongly preferred.

• Experience with IAM/CIAM/IGA platforms strongly preferred.

• Experience with EHR is preferred - AthenaOne specifically.

• Bachelor's Degree in a related field or commensurate experience preferred.

The salary range for this role is $100000-$125000 in base pay and exclusive of any bonuses or benefits. This role is also eligible for an annual bonus targeted at 15% and restricted stock units. The base pay offered will be determined based on relevant factors such as experience education and geographic location.

Additional Information

Physical Demands:

Definition: works constantly at a computer or other workstation

• Ability to constantly remain in a stationary position

• Ability to constantly operate a computer and other office productivity machinery such as computer and printer

• Ability to read and use close vision including the ability to do so on a computer screen

• Ability to frequently communicate and exchange information

• Ability to frequently adjust focus

Technical Requirements (for remote workers):

In order to successfully work remotely supporting our patients and providers we require a minimum of 5 MBPS for Download Speed and 3 MBPS for the Upload Speed. This should be acquired prior to the start of your employment. The best measure of your internet speed is to use online speed tests like https://www.speedtest.net/. This gives you an update as to how fast data transfer is with your internet connection and if it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.

Technical Requirements (for remote workers only not applicable for onsite/in office work):

In order to successfully work remotely supporting our patients and providers we require a minimum of 5 MBPS for Download Speed and 3 MBPS for the Upload Speed. This should be acquired prior to the start of your employment. The best measure of your internet speed is to use online speed tests like https://www.speedtest.net/. This gives you an update as to how fast data transfer is with your internet connection and if it meets the minimum speed requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.

Privia Health is committed to creating and fostering a work environment that allows and encourages you to bring your whole self to work. Privia is a better company when our people are a reflection of the communities that we serve. Our goal is to encourage people to pursue all opportunities regardless of their age color national origin physical or mental (dis)ability race religion gender sex gender identity and/or expression marital status veteran status or any other characteristic protected by federal state or local law.