Title: Compliance Analyst




Basic Company Info: Large Health Care and Health Plan Organization



Location Details: Remote



Start: ASAP



Duration: 6 month contract to hire



Converting Salary: 80-105K




Must Have:



Bachelor's Degree. Or 5-7 years of experience in lieu of degree.


3-5 yrs exp writing and negotiating cyber and vendor contracts


2+ yrs security assessment experience.


Knowledge of Control frameworks


Technical business expertise and clauses and contracts.



Plus:




Certifications: CRISC, Profssional 3 rd party risk management.



Cyber Security - GRC




Senior Compliance Analyst



The Senior Cybersecurity Contract Compliance Analyst will be a member of the Cyber Security GRC Team reporting to the Third-Party Risk Manager and is responsible for defining standard cybersecurity contractual terms, negotiating those terms and working with the business to identify their contracting risks. This role will also assist with customer security reviews and responding to audits. This role will work closely with the product leadership, legal, privacy and cybersecurity teams to support contracting needs for company clients and third-party suppliers.



Job Responsibilities:


Educating and counseling business partners on security terms, and work proactively with them to identify, mitigate and address cybersecurity contracting risks.


Work with commercial teams to ensure client contracts and agreements with third party vendors include appropriate cybersecurity terms.


Draft, review, and negotiate cybersecurity language for company's client, supplier, and third-party agreements.


Work collaboratively within the company cybersecurity organization to ensure that templates and negotiation positions are updated and reflect the internal security posture and external requirements.


Manage intake of client and vendor contract engagements. Negotiate directly with clients, suppliers, and third parties.


Communicate with external clients to foster an understanding and confidence in the company's cyber security program.


Support cybersecurity functions including risk management, security audits and customer security reviews.


Develop and mature GRC program, dashboards and reports to inform risk prioritization, risk remediation, and management decision making


Analyze existing and new legislative and regulatory developments to ensure that company understands and stays in sync with evolving requirements



Qualifications:



3+ years' experience writing and negotiating cybersecurity contract requirements 2+ years of experience conducting security assessments preferred.


Basic understanding of all components of cyber security; knowledge of common security frameworks, such as: HIPAA, HITRUST, ISO 27001/27002, NIST CSF.


Technical and functional knowledge of various information security solutions, technologies, and industry-leading practices, allowing this role to provide recommendations, support key decisions, and contribute to industry forums.


Technical and business expertise to drive information security requirements/ clauses in contracts, together with people skills to negotiate requirements with third-party representatives.


Ability to prioritize and organize simultaneous tasks to ensure all requests are


completed in a timely and accurate manner.


Ability to think strategically about risk vs. business value; Strong oral and written communication skills and negotiation skills.


Ability to handle sensitive/confidential information requiring a high level of discretion, respect, and integrity.


Exercises good judgment and recognizes when to ask for help or escalate issues.


Demonstrates strong people skills and ability to work with individuals at all levels and in all areas of the organization.


Ability to use common business technology, including MS Office.


Work in a fast-paced environment managing multiple changing priorities


Ability to provide reporting and metrics around work function on a regular basis


Experience in lieu of Bachelor's Degree


5+ years of relevant experience with degree


7+ years of relevant experience without degree


Beacon Hill is an Equal Opportunity Employer that values the strength diversity brings to the workplace. Individuals with Disabilities and Protected Veterans are encouraged to apply.



California residents: Qualified applications with arrest or conviction records will be considered for employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.


If you would like to complete our voluntary self-identification form, please click here or copy and paste the following link into an open window in your browser: https://jobs.beaconhillstaffing.com/eeoc/


Completion of this form is voluntary and will not affect your opportunity for employment, or the terms or conditions of your employment. This form will be used for reporting purposes only and will be kept separate from all other records.


Company Profile:


Beacon Hill Technologies, a premier National Information Technology Staffing Group, provides world class technology talent across all industries utilizing a complete suite of staffing services. Beacon Hill Technologies' dedicated team of recruiting and staffing experts consistently delivers quality IT professionals to solve our customers' technical and business needs.


Beacon Hill Technologies covers a broad spectrum of IT positions, including Project Management and Business Analysis, Programming/Development, Database, Infrastructure, Quality Assurance, Production/Support and ERP roles.


Learn more about Beacon Hill and our specialty divisions, Beacon Hill Associates, Beacon Hill Financial, Beacon Hill HR, Beacon Hill Legal, Beacon Hill Life Sciences and Beacon Hill Technologies by visiting www.bhsg.com .


We look forward to working with you.


Beacon Hill. Employing the Future™