At Nuna, our mission is to make high-quality healthcare affordable and accessible for everyone. We are dedicated to tackling one of our nation’s biggest problems with ingenuity, creativity, and a keen moral compass.
Nuna is committed to simple principles: a rigorous understanding of data, modern technology, and most importantly, compassion and care for our fellow human. We want to know what really works, what doesn't—and why.
Nuna partners with healthcare payers, including government agencies, health plans, and employers, to turn data into learnings and information into meaning.
The Trust team (Governance, Risk, Compliance, and Privacy) provides comprehensive data governance through thoughtful partnership with Security, Product, Engineering, and Legal teams, and by developing strategies and processes that keep data protected in a dynamic healthcare landscape.
Nuna is looking for a Compliance Analyst to support privacy and security functions across the organization. You will work with the Trust team to help to maintain and improve our compliance, security and privacy programs. This is an opportunity to bring innovative ideas and approaches to protecting sensitive data, while supporting and facilitating compliance with complex data standards and regulations such as HITRUST, HIPAA, SOC 2, NIST and FedRAMP.
Promote activities that secure the sensitive data that is entrusted to Nuna by managing many of our policies and processes:
- Participate in ongoing compliance efforts across a number of frameworks such as HITRUST, SOC 1, SOC 2 and HIPAA, ISO27K Series and FedRAMP.
- Perform audits and table top exercises to test and improve security across Nuna.
- Assist with vendor and customer risk assessments.
- Coordinate employee access rights to sensitive data.
- Help manage Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance requirements.
- Review system-related information security plans throughout the organization’s network to ensure alignment with security best practices and compliance frameworks.
- Partner with engineering and product teams to ensure products in development comply with applicable compliance frameworks.
Help improve the company’s security and privacy compliance stance overall:
- Assist in the creation of policies and compliance standards with Nuna Security, Engineering, IT, and Legal.
- Lead audit walkthroughs and process of audit evidence collection and review for internal and external audit engagements.
- Conduct security and privacy compliance training programs across the organization, including conducting training and information sessions.
- Work with senior Security, Leadership, Product and Engineering teams, along with Trust, and Legal team members to convert laws, regulations, contractual obligations and industry best practices into business and functional requirements.
Maintain security and privacy subject matter knowledge of current standards and developments:
- Remain current on advancements in information security and privacy technologies and changing applicable federal and state security and privacy laws and standards to ensure organizational adaptation and compliance.
- 2+ years of experience in security compliance, preferably in the healthcare industry. Privacy experience is a plus.
- Experience with HIPAA security and privacy rules, HITRUST, SOC 1, SOC 2, ARS or FedRAMP compliance frameworks.
- Strong security, privacy and ethics awareness.
- Curiosity and willingness to learn.
- Exemplary communication skills, both written and verbal; public speaking a plus.
- Experience with compliance on AWS infrastructure.
- Experience with health data privacy compliance.
- Experience with building information security policies and procedures.
- Experience conducting incident related investigations.
- Security, Privacy, or other Healthcare Compliance Certifications (CISA, CISM, CIPP, CHPC, CISSP, HITRUST CCSFP).
Nuna is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics and/or veteran status.