Working within the Information Security department, the SOC2 Analyst will support governance, risk, and compliance initiatives and perform key day-to-day activities to help deploy and maintain the SOC2 attestation portfolio. This individual will help create and maintain risk assessments to facilitate scoping and defining boundaries of the system. This individual will facilitate control mapping, control gap identification, gap remediation and mitigation. This individual will assist in ensuring compliance to SOC2 SSAE 18 AICPA reporting standards along with an understanding of the Security, Availability, Confidentiality, Processing Integrity, and Privacy Trust Service Principles. ESSENTIAL FUNCTIONS Develop and maintain SOC2 scoping documentation including system understanding, process flows, and system infrastructure diagrams. Perform control alignment validation Facilitate in identifying controls gaps ensuring sufficient remediation plans and tracking to timely resolution Provide information for status reports and support stakeholder communications. Facilitate system and control understanding walkthrough meetings Update and maintain system and process narratives Support GRC tool implementation and workflows. Minimum Requirements 4 years experience in administering security controls in an organization Critical Skills Bachelor's degree from an accredited program in information systems or related field, or equivalent experience required 4 years of information security risk management or IT compliance\/assurance experience required; IT compliance experience 1 years of process and\/or tool engineering activity, preferably in the information risk space required Experience with SOC2 reporting engagements, and Security, Availability, Confidentiality, Privacy, and Processing Integrity Trust Service Principles. Information technology risk management experience and proven ability to meet deadlines. Understanding of information risk management concepts. Ability to adapt in a dynamic work environment, learns quickly, solve problems, and make decisions with minimal supervision. Demonstrated ability to coordinate people and teams cross functionally to resolve complex issues with designated time frames. Ability to develop process documentation. Knowledge of PCI, ISO 27001, FISMA, and SOX requirements preferred Knowledge of GRC tools and CISA preferred Additional Knowledge & Skills Proficient ability to generate reports for management consumption Working knowledge of risk assessment and mitigation techniques Proficient knowledge of identifying technology-related risks, developing mitigation steps, and implementing remediation Proficient analytical and organizational skills to optimize processes and procedures Demonstrated detail orientation to ensure business continuity and recovery plans are complete and current Proficient project planning skills, including the ability to organize, prioritize and control job responsibilities in order to meet deadlines in an environment with overlapping and potentially conflicting priorities Proficient ability to communicate effectively with others using spoken and written English Proficient ability to work collaboratively with others; conduct working relationships in a manner acceptable to others and to the organization Proficient ability to remain effective under stress, and respond to pressure in a manner acceptable to others and to the organization Proficient knowledge of Windows-based business computers and Microsoft Office programs; specifically, Access, Excel, Outlook, PowerPoint and Word Demonstrated ability to model customer-focused behaviors leading to outstanding customer experiences Consistently demonstrates a commitment to policies and procedures, including but not limited to, attendance, confidentiality, conflict of interest, and ethical responsibilities . Education 4-year degree in computer science or related field or equivalent experience Physical Requirements General Office Demands Benefits & Company Statement Change Healthcare is one of the largest, independent healthcare technology companies in the United States. We are a key catalyst of a value-based healthcare system \u2013 working alongside our customers and partners to accelerate the journey towards improved lives and healthier communities. We provide software and analytics, network solutions and technology-enabled services that help our customers obtain actionable insights, exchange mission-critical information, control costs, optimize revenue opportunities, increase cash flow and effectively navigate the shift to value-based healthcare. Our solutions enable improved efficiencies and insights for all major stakeholders across the healthcare system, including commercial and governmental payers, employers, hospitals, physicians and other providers, laboratories and consumers. Change Healthcare is an equal opportunity and affirmative action employer \u2013 minorities\/females\/veterans\/persons with disabilities. Qualified applicants will not be disqualified from consideration for employment based upon criminal history. Agency Statement No agencies please.
Website : http://www.changehealthcare.com
Intelligent Healthcare Networktm The single largest financial and administrative network in the U.S. healthcare system, reaching 750k physicians, 105k dentists, 60k pharmacies, 5k hospitals, 600 vendors, 450 laboratories, and 1,200 government and commercial payers.