Senior Analyst, Information Security Governance, Risk, & Compliance
Grow Healthy

If you are as passionate about helping those in need as you are about growing your career, consider AltaMed. At AltaMed, your passion for helping others isn't just welcomed - it's nurtured, celebrated, and promoted, allowing you to grow while making a meaningful difference. We don't just serve our communities; we are an integral part of them. By raising the expectations of what a community clinic can deliver, we demonstrate our belief that quality care is for everyone. Our commitment to providing exceptional care, despite any challenges, goes beyond just a job; it's a calling that drives us forward every day.

Job Overview

The Senior Analyst, Information Security Governance, Risk, & Compliance will be responsible for the corporate-wide Information Security GRC program. This person will work closely with Information Services, Office of Compliance and Risk Management (OCRM), Legal, HR, and Procurement to ensure reasonable and appropriate IT controls are in place to minimize risk and ensure compliance with AltaMed's Information Security Policy and Standards, the HIPAA Security Rule, Data Privacy regulations, and the Payment Card Industry - Data Security Standards (PCI-DSS).

This person will assist with the development, implementation, and maintenance of AltaMed's Information Security Policies, standards, and guidelines, and be an SME for HIPAA, PCI, and Privacy. Additionally, this person will be responsible for leading vulnerability management efforts and the vendor and risk management programs, including leading the risk-based change management program, liaising with internal/external auditors to ensure audits lead to a successful outcome, and being responsible for the Security Exception/Risk Acceptance process. The position will also manage, maintain, and administer the company's IT Risk Register and Information Security Awareness Training program.
Minimum Requirements

A bachelor's degree in business, information systems management, or a related field is required.
A minimum of 5 years of experience in IT audit or IT risk management is required.
Experience in leading security assessments, IT vendor risk assessments, and InfoSec control management.
Working knowledge of HIPAA, Privacy, and PCI data requirements, and other state / federal regulatory requirements of sensitive information.
Experience with application security, SaaS, and/or cloud security is a plus.
Must hold an active Certified Information Systems Security Professional (CISSP) certification.