Senior Compliance Analyst

The Trust team (Governance, Risk, Compliance, and Privacy) provides comprehensive data governance through thoughtful partnership with Security, Product, Engineering, and Legal teams, and by developing strategies and processes that keep data protected in a dynamic healthcare landscape

Nuna is looking for a Compliance Analyst to support privacy and security functions across the organization. You will work with the Trust team to help to maintain and improve our compliance,  security, and privacy programs. This is an opportunity to bring innovative ideas and approaches to protecting sensitive data, while supporting and facilitating compliance with complex data standards and regulations such as HITRUST, HIPAA, ARS, SOC 1/2, CCPA,  NIST, and FedRAMP.

Promote activities that  secure the sensitive data that is entrusted to Nuna by managing many of our policies and processes: 

• Participate in ongoing compliance efforts across a number of frameworks such as HITRUST, HIPAA, ARS, SOC 1/2, CCPA,  NIST and FedRAMP.
• Perform audits and table top exercises to test and improve security across Nuna.
• Assist with vendor and customer risk assessments.
• Coordinate employee access rights to sensitive data.
• Help manage Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance requirements. 
• Review system-related information security plans throughout the organization’s network to ensure alignment with security best practices and compliance frameworks. 
• Partner with engineering and product teams to ensure products in development comply with applicable compliance frameworks.

Help improve the company’s security and privacy compliance stance overall: 

• Assist in the creation of policies and compliance standards with Nuna Security, Engineering, IT, and Legal. 
• Lead audit walkthroughs and process of audit evidence collection and review for internal and external audit engagements.
• Conduct security and privacy compliance training programs across the organization, including conducting training and information sessions.
• Work with senior Security, Leadership, Product and Engineering teams, along with Trust, and Legal team members to convert laws, regulations, contractual obligations and industry best practices into business and functional requirements.

Maintain security and privacy subject matter knowledge of current standards and developments: 

• Remain current on advancements in information security and privacy technologies and changing applicable federal and state security and privacy laws and standards to ensure organizational adaptation and compliance.

• 3 - 5 years of experience in security compliance, preferably in the healthcare industry. Privacy experience is a plus.
• Experience with HIPAA security and privacy rules, HITRUST, ARS, SOC 1/2, CCPA,  NIST and FedRAMP compliance frameworks. 
• Strong security and privacy awareness. 
• Curiosity and willingness to learn.
• Exemplary communication skills, both written and verbal; public speaking a plus.

• • Experience with compliance on AWS infrastructure.
  • Experience with health data privacy compliance.
  • Experience with building information security policies and procedures.
  • Experience conducting incident related investigations. 
  • Security, Privacy, or other Healthcare Compliance Certifications (CISA, CISM, CIPP, CHPC, CISSP, HITRUST CCSFP).