Continuity & Security Assurance Analyst

Responsibilities

• Develop and execute security, compliance, and risk assessment plans aligned to regulatory requirements, industry standards, and G.E.H.A policies.
• Monitor security programs and systems, analyze logs and activities, and identify control gaps, anomalies, or areas of elevated risk.
• Perform audits across key control areas, including Data Loss Prevention (DLP), inbound email security/quarantine processes, and user access management.
• Perform and support periodic user access control reviews, including validation of user entitlements, identification of inappropriate or excessive access, coordination with business owners, and tracking remediation of identified issues.
• Review and troubleshoot compliance requests to ensure alignment with G.E.H.A security policies, standards, and applicable legal/regulatory requirements.
• Conduct ongoing compliance monitoring activities, including documentation, evidence collection, and remediation tracking for identified issues.
• Evaluate existing processes and controls, identify areas for improvement, and develop actionable remediation plans to strengthen compliance and security posture.
• Support internal and external audits by preparing documentation, coordinating responses, and validating control effectiveness.
• Create, maintain, and enhance security documentation, procedures, and control artifacts to support governance and audit readiness.
• Support the execution of security awareness and training initiatives.
• Contribute to the development and continuous improvement of programs that ensure the availability and resilience of G.E.H.A's information systems and data.
• Support the Business Continuity and Disaster Recovery (BCDR) program, including planning, documentation, testing, and continuous improvement activities.
• Assist in the Third Party Risk Management program, including review and analysis of third-party maturity assessments, SOC reports, and HITRUST certifications.
• Monitor third-party security posture and identify risks, gaps, and opportunities for improvement across G.E.H.A's vendor ecosystem.
• Job Requirements:
• Experience and Education
• Bachelor's degree in Computer Science, Information Systems, or a related discipline.
• Three (3) or more years of experience in Information Technology, Information Security, IT Assurance, Risk Management, Governance, or Business Continuity.
• Equivalent combinations of education and additional experience may be considered in lieu of formal degree or certification requirements.
• Certifications
• One or more industry certifications such as: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC, or similar governance, risk, security, or BCDR certifications.
• Technical and Functional Knowledge
• Working knowledge of governance, risk, and compliance frameworks such as: COSO, COBIT, ITIL, ISO 31000, ISO 27002, ISO 22301, NIST CSF, NIST 800‑53, and SANS Critical Security Controls.
• Experience with enterprise Governance, Risk, and Compliance (GRC) platforms (e.g., Archer, MetricStream, LockPath, etc.).
• Proficiency with Microsoft Office applications.
• Skills and Competencies
• Strong analytical and problem-solving skills with the ability to identify risk and recommend practical solutions.
• Effective written and verbal communication skills, including the ability to translate technical risks into business-focused language.
• Ability to build relationships, influence stakeholders, and collaborate across multiple business units and teams.
• Strong organizational skills with the ability to manage multiple priorities in a fast-paced environment.
• Customer service orientation with a focus on delivering high-quality, accurate outcomes.
• Effective presentation and interpersonal skills.
• Work-at-home requirements
• Must have the ability to provide a non-cellular High Speed Internet Service such as Fiber, DSL, or cable Modems for a home office.
• A minimum standard speed for optimal performance of 30x5 (30mpbs download x 5mpbs upload) is required.
• Latency (ping) response time lower t

Benefits

Additional Information

Government Employees Health Association, Inc. (G.E.H.A) is a nonprofit member association that provides health and dental benefits that millions of federal employees and retirees, military retirees and their families have counted on since 1937. Offering one of the largest health and dental benefit provider networks available to federal employees in the United States, G.E.H.A empowers health and wellness by meeting its members where they are, when they need care. G.E.H.A has one mission: To empower federal workers to be healthy and well. The Continuity and Security Assurance Analyst supports G.E.H.A's Cybersecurity and Information Protection (CIP) program by executing security, compliance, and business continuity initiatives. This role is responsible for assessing controls, monitoring compliance with regulatory and internal standards, supporting audit activities, and contributing to the resilience and security posture of G.E.H.A's systems, data, and third-party relationships.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at geha? Share your experience