At Nuna, our mission is to make high-quality healthcare affordable for everyone. We are dedicated to tackling one of our nation’s biggest problems with ingenuity, creativity, and a keen moral compass.
Nuna is committed to simple principles: a rigorous understanding of data, modern technology, and most importantly, compassion and care for our fellow human. We want to know what really works, what doesn't—and why.
Nuna partners with healthcare payers, including government agencies and health plans, to turn data into learnings and information into meaning.
Compliance and Information Governance provides comprehensive data governance through thoughtful partnership with Product, Engineering, and Legal teams, and by developing strategies and processes that keep data protected in a dynamic healthcare landscape. This team creates and manages the Privacy and Security programs to ensure that data is protected.
Nuna is looking for a Compliance Analyst to support privacy and security functions across the organization. You will work closely with Governance, Risk, Compliance, Privacy, and legal staff to help to maintain and improve our privacy and security programs. This is an opportunity to bring innovative ideas and approaches to protecting sensitive data, while supporting and facilitating employee compliance with complex data standards and regulations such as HITRUST, HIPAA, SOC 2, ISO27K Series and ARS.
Promote activities that secure the sensitive data that is entrusted to Nuna by managing many of our policies and processes:
- Review and triage data loss prevention (DLP) alerts and the fine-tune solutions.
- Coordinate employee access rights to protected data.
- Help manage Business Associate Agreement (BAA) compliance requirements.
- Review all system-related information security plans throughout the organization’s network to ensure alignment with security best practices.
- Partner with engineering and product teams to ensure products in development comply with applicable compliance regimes.
- Participate in ongoing risk assessments and remediation efforts across a number of frameworks such as GAAP, HITRUST, SOC and HIPAA, ISO27K Series, ARS and assist with vendor and customer risk assessments.
Help improve the company’s security and privacy compliance stance overall:
- Assist in the creation of policies and compliance standards with Nuna Security, Engineering, IT, and Legal.
- Perform audits and table top exercises to test and improve security across Nuna.
- Conduct privacy and security compliance training programs across the organization, including conducting training and information sessions.
- Work with senior Leadership, Product and Engineering teams, along with Compliance, and Legal team members to convert laws, regulations, contractual obligations and industry best practices into business and functional requirements.
Maintain security and privacy subject matter knowledge of current standards and developments:
- Remain current on advancements in information privacy and security technologies and changing applicable federal and state privacy laws and standards to ensure organizational adaptation and compliance.
- 2+ years of experience in security compliance, preferably in the healthcare industry. Privacy experience is a plus.
- Experience with HIPAA security and privacy rules, ARS, SOC2, or HITRUST compliance regimes.
- Strong security and privacy awareness.
- Exemplary communication skills, both written and verbal; public speaking a plus.
- Experience with health data privacy compliance.
- Experience assessing and mitigating vendor risk.
- Experience conducting incident related investigations.
Nuna is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics and/or veteran status.