Sr. Security Analyst - IT Security Governance, Risk, Compliance

Medica is seeking an experienced Sr. Security Analyst. This role is ideal for a detail oriented, highly technical analyst with a depth of experience in IT security, risk, and compliance. This individual is someone who thrives in a mission-driven, healthcare-focused organization and is passionate about ensuring efficiency, scalability, financial integrity and compliance.

We're a team that owns our work with accountability, makes data-driven decisions, embraces continuous learning, and celebrates collaboration - because success is a team sport. It's our mission to be there in the moments that matter most for our members and employees. Join us in creating a community of connected care, where coordinated, quality service is the norm and every member feels valued.

The Sr. Security Analyst serves as a member of the Security Governance, Risk, and Compliance team to maintain the confidentiality, integrity and availability of sensitive company information. Responsibilities include subject areas such as: HIPAA, HITRUST SOC2, PCI, risk management, third party risk management and annual awareness training. This role is expected to design and develop programs to improve security standards, processes, procedures and solutions. The Sr. Security Analyst is accountable for assisting in designing, building, testing and implementing security systems and solutions within Medica.

Key Accountabilities:

• Third Party Risk Assessment: assess third party security programs, develop monthly reporting, enhance existing processes
• Audit and Compliance Leadership: lead coordination of HITRUST, SOC2, SOC1 audits, lead responses to customer audit requests
• Policy Oversite: facilitate updates of security policies and standards, ensure adherence with HIPAA and HITRUST
• Awareness Training: facilitate annual security awareness training including assisting with content creation and review, execute updates to end user training

Qualifications:

• Bachelor's degree or equivalent experience in related field
• 5 years of related work experience beyond the degree
• Prior experience managing external auditors such as PWC or Baker Tilly
• IT security compliance experience with working knowledge of common IT security acronyms

Skills and Abilities

• Experience with Third Party Assessments
• Prior experience with a GRC tool such as Archer, LogicGate, Inovaare
• Demonstrated experience working with auditors, vendors, and third party partners
• Experience with security policy development and review

This position is an Office role, which requires an employee to work onsite at our Minnetonka, MN or Madison, WI office, on average, 3 days per week.

The full salary grade for this position is $100,300 - $172,000. While the full salary grade is provided, the typical hiring salary range for this role is expected to be between $100,300 - $150,465. Annual salary range placement will depend on a variety of factors including, but not limited to, education, work experience, applicable certifications and/or licensure, the position's scope and responsibility, internal pay equity and external market salary data.In addition to base compensation, this position may be eligible for incentive plan compensation in addition to base salary. Medica offers a generous total rewards package that includes competitive medical, dental, vision, PTO, Holidays, paid volunteer time off, 401K contributions, caregiver services and many other benefits to support our employees.

The compensation and benefits information is provided as of the date of this posting. Medica's compensation and benefits are subject to change at any time, with or without notice, subject to applicable law.

Eligibility to work in the US: Medica does not offer work visa sponsorship for this role. All candidates must be legally authorized to work in the United States at the time of application. Employment is contingent on verification of identity and eligibility to work in the United States.

We are an Equal Opportunity employer, where all qualified candidates receive consideration for employment indiscriminate of race, religion, ethnicity, national origin, citizenship, gender, gender identity, sexual orientation, age, veteran status, disability, genetic information, or any other protected characteristic.