Careers at CyncHealth

Work With Us

CyncHealth is a statewide Health Information Exchange (HIE) designed to share clinical and administrative data among providers in Nebraska and neighboring states. CyncHealth’s purpose is to achieve health care transformation through community betterment and collaboration while protecting the security and privacy of medical information. Our commitment revolves around improving individual and population health outcomes. 

Join our team to play a key role in leading a health data utility, advancing interoperability, and improving healthcare. 


Governance, Risk, and Compliance (GRC) Analyst

Department: Technical Operations
Location: La Vista, NE

About Us:

CyncHealth is a statewide Health Information Exchange (HIE) with a purpose to achieve health care transformation through community betterment and collaboration while protecting the security and privacy of medical information. Join our team to play a key role in leading a health data utility, advancing interoperability, and improving healthcare.

Position Summary:

The Governance, Risk, and Compliance (GRC) Analyst is responsible for enabling CyncHealth’s mission by safeguarding information through maintaining policies and procedures, identifying and managing risks, and conducting audits and remediation.

Responsibilities:

  • Draft and maintain policies in alignment with 42 CFR Part 2, HIPAA, NIST 800-53, SOC 2 Type II, and all applicable laws and regulations.
  • Develop and update procedures and technical documentation in support of operations and as required by established security controls.
  • Perform security control and compliance gap assessments when regulations and frameworks change and recommend solutions and mitigations.
  • Conduct first-party risk assessments on administrative, physical, and technical security controls and recommend solutions and mitigations.
  • Respond to second-party risk assessments and evaluate suspected or known second-party security incidents for appropriate response activities.
  • Conduct third-party (and nth-party) risk assessments and contract due diligence to make recommendations to manage vendor risk.
  • Maintain the risk register, ensuring risks in excess of the risk tolerance are reported to leadership and properly managed.
  • Oversee the vulnerability lifecycle management program to ensure all systems are scanned and that all risks are resolved or tracked.
  • Track and ensure security operations are performed according to security control design, including appropriate recurrence, depth, and documentation.
  • Gather, format, and submit evidence for external audits, particularly NIST 800-53 Moderate baseline and SOC 2 Type II annual audits.
  • Coordinate audit evidence gathering with internal and external stakeholders to ensure evidence meets audit requirements.
  • Collaborate with security engineers and TechOps staff to design and evaluate security controls for new and existing systems and environments.
  • Assist security engineers and TechOps staff with troubleshooting and appropriately responding to incidents, both security and technical in nature.
  • Develop and maintain up-to-date documentation and diagrams for security tools, system environments, and cloud operations; foster a culture of documentation and evidence.
  • Stay up to date with the latest cloud security threats, vulnerabilities, and trends. Share insights to support a culture of continuous learning.
  • Collaborate with users to discuss computer data access needs, to identify security threats and violations, and to identify and recommend needed programming or process changes to promote security awareness.
  • Act as a liaison across cross-functional teams.
  • Follow all CyncHealth and applicable regulatory security protocols and procedures.
  • Protect assets and the integrity, security and privacy of information entrusted to or maintained by the organization.
  • Model the CyncHealth code of conduct.
  • Other duties as assigned.

Experience/Requirements:

  • Bachelor’s degree in computer science, information security or related field required. Relevant work experience may be considered as an alternative.
  • Minimum 3 years of experience working with, securing, or auditing cloud infrastructure preferred.
  • Ability to identify, remediate, and document complex security risks.
  • A recognized cybersecurity certification that demonstrates advanced knowledge and experience (e.g., CISSP, GIAC, CISA, GRCP) preferred.
  • Experience in one of the major cloud service providers preferred. Experience with AWS strongly preferred.
  • Advanced knowledge of virtual firewalls, IPsec VPN tunnels, and networks in an AWS cloud environment.
  • Experience auditing native AWS Security Services.
  • Experience with vulnerability management programs, including identification, remediation, and reporting.
  • Advanced understanding of security concepts and tools: certificates, DLP, WAF, SIEM, firewalls, DDoS prevention, IDS/IPS, privileged access management, encryption, SSL, VPN, IPsec, TCP/IP, DNS, web security architecture, etc.
  • Prior experience with CSFs, including NIST, HITRUST, ISO 27001, or others.
  • Excellent verbal and written communication skills.
  • Organized with attention to detail.
  • Ability to maintain strict confidentiality.

Expectations:

  • Ability to work on a computer for extended periods of time.
  • Ability to stand or sit for extended periods of time.
  • Hours are generally Monday-Friday, 8:00 AM-5:00 PM. As operational deliverable deadlines emerge, there will likely be extended working hours.
  • Light work requiring exertion up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly to move objects.
  • Ability to work from La Vista, NE office with reliable and predictable attendance.

Benefits:

  • Medical, Dental, & Vision
  • 20 days paid time off annually + 9 paid holidays annually.
  • Long & short-term disability (fully paid by CyncHealth)
  • Life Insurance (fully paid by CyncHealth)
  • 401(k) with 4% matching & immediate vesting
  • Parental Leave
  • Pet Insurance
  • Other voluntary benefits


Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by individuals assigned to this position. The statements are not intended to be construed as an exhaustive list of all responsibilities, duties, and skills required for this position.

Must be authorized to work in the United States.
