Information Assurance Specialist
Job Description
Nox Health is a wake-up call for healthcare providers, payers, and sleep-deprived people everywhere - so you can do more to improve sleep health than ever before. Most people have been left in the dark when it comes to all the different health issues impacted by sleep. Even those who are aware of the issues have very limited tools and programs to tackle them with. Nox Health provides one source for everything from the world's most advanced diagnostics to medical programs that actually work.
We are looking for an Information Assurance Specialist to join our team! The Information Assurance Specialist will support the operation of Nox Health Group, Inc (Nox Health) and all associated business units by assessing, evaluating and reporting on the security posture of the organization to ensure compliance with security standards and regulations such as ISO 27001, HIPAA, HITRUST, SOC2, PCI DSS, and other relevant standards. An Information Assurance Specialist will work with relevant departments and business units to identify and mitigate security risks, ensure data confidentiality, integrity, and availability, and maintain compliance with regulations.
Responsibilities
- Performing regular internal audits of the organization's information security infrastructure, policies, and procedures to assess compliance with relevant regulatory standards.
- Developing audit plans based on regulatory requirements and organizational goals to ensure that audits are comprehensive and effective.
- Assessing the effectiveness of the organization's security controls and identifying any gaps in compliance.
- Reviewing the organization's policies and procedures to ensure that they are up-to-date, comply with regulatory standards, and are being followed by employees.
- Reviewing and analyzing technical security controls such as access controls, firewalls, and intrusion detection systems to ensure they are effective.
- Documenting and reporting audit findings to relevant stakeholders and recommending remediation actions.
- Conducting risk assessments to identify potential risks to the organization's information assets and provide recommendations for risk mitigation.
- Staying up-to-date on regulatory requirements and industry best practices to ensure that audits are conducted in compliance with relevant standards.
- Working collaboratively with technical and business teams to ensure that audits are comprehensive and effective.
- Collaborating with external auditors to plan, assist, and conduct assessments to validate security and compliance of policies, processes and technologies.
- Assisting in security program improvements by analyzing security program maturity, providing feedback and ideas to refine and improve policies, capabilities and processes.
- Participating in cross-functional working groups to manage overall security, privacy, and compliance governance.
- Staying up-to-date with the latest security threats, vulnerabilities, and best practices.
Requirements
- Bachelor's degree in information assurance, computer science, information systems, or a related field.
- Relevant security certifications such as CISSP, CISA, CISM, or CRISC are preferred.
- Knowledge of ISO 27001, HIPAA, HITRUST, SOC2, and PCI DSS standards.
- Experience in conducting IT and security audits and assessments.
- Familiarity with cloud infrastructure and cloud security best practices.
- Strong technical background in IT and security.
- Excellent communication and interpersonal skills.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team.
- Ability to document processes and write audit reports.
- Attention to detail and the ability to work under pressure.
- Ability to travel, if necessary.
- Ability to speak effectively and professionally on the telephone, video, in front of an audience, with client contacts at all levels, and with fellow employees of the organization.
- Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited standardization exists. Ability to interpret a variety of instructions furnished in written, oral, diagram, or schedule form.
- Ability to accurately document notes, write routine reports and correspondence.
Benefits
- Medical, Dental, Vision Insurance
- 401K and 401K Matching
- PTO
Date Posted
07/03/2023