FinThrive
About the Role
The Senior Cybersecurity Risk Analyst will embrace risk management best practices to ensure FinThrive, its software solutions, and infrastructures adhere to contractual, regulatory, and policy requirements. As a member of the Information Security team, you will support risk-management-oriented and compliance-driven activities in coordination with our GRC, Software Development, Cloud Operations, and Product Management teams.
What you will do
Security Compliance Coordination
Lead collaborative engagement with technical and non-technical teams to provide guidance and oversight in maintaining compliance with NIST 800-171 and specific FAR clauses
Partner with internal control owners, including technical subject matter experts, to ensure alignment with policies, requirements, and regulations
Ensure the effectiveness of risk management controls through rigorous monitoring and documentation support for both internal and external audits
Leverage GRC software to facilitate tracking of control compliance and identified risks
Policy & Documentation
Lead the annual security policy review and update process
Ensure appropriate documentation (procedures, SSPs, etc.) is developed to support regulatory, contractual, and policy requirements
Security Awareness Training
Participate in advancing FinThrive's Security Culture and Behavior Awareness program through formal and informal training sessions
Security Risk Management
Shape the evolution of our risk management program, helping build and refine processes that scale with our growing organization
Perform risk assessments, identify gaps, and ensure findings / metrics are communicated for leadership visibility
Propose recommendations and proactively advise as we embrace continual improvement of the information security program
Perform various other duties or special projects as requested based on department objectives
What you will bring
Bachelor's degree in Business Administration, Information Systems, or similar
6+ years of experience in an information security role
Experience establishing, monitoring, and improving security or compliance programs
Experience with NIST 800-53, 800-171, FAR, or FedRAMP
In-depth knowledge of cybersecurity, regulatory governance, and IT security practices
Relevant professional certification (e.g. CISA, CISSP, CRISC, or similar)
Experience with GRC software (Archer, OneTrust, Drata, etc.)
Demonstrated ability to define issues, collect data, establish facts and draw valid conclusions
Demonstrated ability to prioritize multiple tasks and meet deadlines with supervision
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
What we would like to see
Prior experience in healthcare and expertise with HIPAA or HITRUST
Experience identifying and assessing risk of cloud computing platforms (Azure preferred)
Experience working for technology companies or SaaS providers
About FinThrive
FinThrive is advancing the healthcare economy.
For the most recent information on FinThrive's vision for healthcare revenue management visit finthrive.com/why-finthrive.
FinThrive's Core Values and Expectations
Demonstrate integrity and ethics in day-to-day tasks and decision making, adhere to FinThrive's core values of being Customer-Centric, Agile, Reliable and Engaged, operate effectively in the FinThrive environment and the environment of the work group, maintain a focus on self-development and seek out continuous feedback and learning opportunities
Support FinThrive's Compliance Program by adhering to policies and procedures pertaining to HIPAA, FCRA, GLBA and other laws applicable to FinThrive's business practices; this includes becoming familiar with FinThrive's Code of Ethics, attending training as required, notifying management or FinThrive's Helpline when there is a compliance concern or incident, HIPAA-compliant handling of patient information, and demonstrable awareness of confidentiality obligations
Physical Demands
The physical demands and work environment characteristics described here are representative of those that a colleague must meet to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Statement of EEO
FinThrive values diversity and belonging and is proud to be an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status. We're committed to providing reasonable accommodation for qualified applicants with disabilities in our job application and recruitment process.
FinThrive Privacy Notice for California Resident Job Candidates
Know Your Rights
Pay Transparency Notice
FinThrive is an Equal Opportunity Employer and ensures its employment decisions comply with principles embodied in Title VII, the Age Discrimination in Employment Act, the Rehabilitation Act of 1973, the Vietnam Veterans Readjustment Assistance Act of 1974, Executive Order 11246, Revised Order Number 4, and applicable state regulations.
2024 FinThrive. All rights reserved. The FinThrive name, products, associated trademarks and logos are owned by FinThrive or related entities. RV092724TJO