Sr. Information Security Risk & Compliance Analyst - CHG Medical Staffing
Salt Lake City, UT 84101
About the Job
CHG shook things up in 1979 by inventing the locum tenens staffing model. We connect doctors with patients who need their care. As the largest physician staffing firm in America, our providers treat millions of patients each year.
Our industry is growing and demand is high. This means you'll have plenty of opportunities to grow and develop in your career. Keeping healthcare healthy can be as fun as it is rewarding.
As a key member of the CHG Information Security & Privacy team, you will contribute to enhancing and maintaining the confidentiality, integrity, and availability of CHG's systems and data.
As a Senior Information Security Risk & Compliance Analyst, your primary focus will be on achieving and maintaining SOC2 Certification. You will collaborate with cross-functional teams across the enterprise to validate, maintain, and gather evidence for security controls, policies, and procedures. You will be responsible for managing both the internal and external audit lifecycle for CHG and its subsidiaries. Additional responsibilities include, but are not limited to, assisting with risk management (identification, treatment, monitoring, and reporting), utilizing the GRC platform, and tracking operational metrics for the information security program.
The position requires rigorous attention to detail, positive influence, persistence, clear communication, a deep understanding of audit lifecycles, and strong interpersonal skills.
Responsibilities:
- Lead efforts to achieve SOC 2 compliance by assessing existing controls, identifying gaps, gathering evidence, and implementing necessary improvements.
- Collaborate with internal stakeholders to align processes with SOC 2 requirements.
- Utilize Drata, CHG's GRC Platform, to build a centralized evidence library to support the audit lifecycle.
- Partner with cross-functional teams throughout the organization to develop workflows and document SOPs to align with SOC 2 requirements.
- Manage the end-to-end audit process, from planning to post-audit remediation.
- Coordinate and partner with external auditors and internal teams during audit engagements.
- Prepare documentation, evidence, and responses for audit inquiries.
- Collaborate with the Information Security & Privacy teams to ensure that plans of action and milestones for non-compliant control remediation plans are established and communicated.
- Assist in maintaining and continually improving the company's Information Security Governance, Risk, and Compliance program.
- Communicate security risks and escalate to senior management, when applicable.
Qualifications:
- Extensive knowledge of IT Security frameworks (NIST, SOC, CIS, etc.).
- Experience in obtaining & managing security compliance certifications.
- Superior program management skills and capability to standardize and automate processes through existing or new company tools.
- Proactive, self-managed, and able to interface well with cross-functional teams across the organization.
- Experience working with auditors with a deep understanding of audit language, life cycles, and providing the right level of detail.
- Participate and share points of view and opinions in an open, honest, and respectful manner. Recognize and celebrate the success of co-workers and the team.
- Foster and maintain a highly collaborative environment with fellow team members. Welcome feedback and respond in a positive way.
- Excellent communication and relationship skills, especially the ability to articulate advanced technical topics to both technical and non-technical staff; ability to articulate business issues/concerns with staff, peers, superiors, and outside parties.
- Understanding of risk management frameworks and experience identifying, quantifying, and treating risks.
Education & Years of Experience:
- 5+ years of experience in Information Security Governance, Risk, and Compliance.
- Proficient understanding of, and experience with, audit, regulatory requirements, and standards (SOC2, NIST, CIS) and other related standards and certification processes required.
- Experience performing analysis utilizing GRC and Risk Management Solutions.
- Industry Certifications preferred but not required: CISA, CISSP, CCSP, CISM, CTPRP, CIPT, etc.
We believe in fair compensation for all of our people, which is why our pay structure takes into account the cost of labor across U.S. geographic markets. For this position, we offer a pay range of $57,900 - $176,000 annually, with pay varying depending on work location and job-related factors such as knowledge, position level and experience. During the hiring process, your recruiter can provide more information about the specific salary range for the job location.
CHG Healthcare offers starting salaries for sales positions in the form of total target compensation (TTC = base + commission + bonus), which includes base pay, commission, and bonuses. Sales positions receive short-term incentives through commission plans and bonuses. On the other hand, non-sales positions have starting salaries that consist of a base salary and short-term incentives through various bonus plans, which are paid out monthly, quarterly, or annually.
In return we offer:
• 401(k) retirement plan with company match
• Traditional healthcare benefits such as medical and dental coverage, and some unique benefits like onsite health centers, corporate wellness programs, and free behavioral health appointments.
• Flexible work schedules - including work-from-home options available
• Recognition programs with rewards including trips, cash, and paid time off
• Family-friendly benefits including paid parental leave, fertility coverage, adoption assistance, and marriage counseling
• Tailored training resources including free LinkedIn learning courses
• Volunteer time off and employee-driven matching grants
• Tuition reimbursement programs
CHG Healthcare values a diverse and inclusive workforce. Interested in this role but not a perfect fit? Apply anyway.
We welcome applicants of any race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status and individuals with disabilities as an Affirmative Action/Equal Opportunity Employer. We are an at-will employer.