Note: The job is a remote job and is open to candidates in USA. Judi Health is an enterprise health technology company that provides comprehensive solutions for employers and health plans. The IT Security & Compliance Analyst will work collaboratively within the IT department to identify and manage security risks, implement and monitor security compliance, and respond effectively to audits.
Responsibilities
• Collaborate with the engineering departments to implement security controls from approved security frameworks and drive best IT practices
• Interface with internal partner teams to help drive best practices and compliance
• Evaluate and perform Risk Assessments of new software solutions with internal partners
• Drive deployment of new systems/solutions as needed
• Write procedure documentation for end users as needed to facilitate process improvement
• Help develop IT security training content and drive completion of required security training in collaboration with Human Resources
• Respond to complex security questionnaires, RFP/RFI requests, and client audits
• Facilitate end-to-end evidence gathering for external audits, ensuring all technical and administrative artifacts align strictly with security control requirements and regulatory frameworks
• Evaluate, identify, and remediate the risks associated with current vendors, new vendor acquisitions, and consumer data exchanges
• Perform risk oversight tasks of vendor security compliance
• Help run Internal, external and vendor related audits
• Conduct security analysis of deployed software
• Monitor for risks to the enterprise and to implemented controls
• Identify, maintain, and publish the requirements for the IT department to achieve compliance and privacy standards in SOC 2, HITRUST, FedRAMP, and other frameworks
• Work with the internal team in communicating related security notifications and IT controls within the organization while collaborating with teams and vendors on changes, remediations, and updates
• Experience with incident management Drive use cases to enable threat detection and hunting based on threat intelligence frameworks
• Experience with Agile and/or Kanban with emphasis on Scrum to drive continuous process improvement
• Perform Access Reviews
Skills
• Experience related to duties and responsibilities
• Experience working in Governance, Risk, and Compliance
• A customer-oriented approach to problem resolution
• Experience with IT control auditing and compliance
• Working knowledge of Software Development Lifecycle concepts and processes
• Working knowledge of cloud providers with respect to IT Security & Compliance controls and practices
• General knowledge of frameworks and controls: NIST 800-53, FedRAMP, HITRUST, SOC 2, PCI, ISO 27001
• General knowledge of HIPAA and the requirements to protect PHI
• Ability to communicate concepts in a concise form to management and cross-functional teams. departments or teams verbally, in writing, and through pictures or diagrams when appropriate
• Excellent written, oral, instructional, presentation, and interpersonal skills focused on motivation and positive attitude
• Highly self-motivated with the ability to prioritize tasks and work independently
• Ability to work quickly and efficiently
• Desire to work at a rapidly growing organization in healthcare
• Experience working with remote users in a distributed environment
• Experience with Office 365 suite, Atlassian suite, Vanta (or other GRC tools)
• Experience with any major cloud platform (AWS, Google, Azure) is preferred
• CCSK
• CCAK
• CISA
• AWS Cloud Practitioner
• SANS certificates
Company Overview
• Capital Rx is now Judi Health! Navigate to our new page here: https://www.linkedin.com/company/judi-health It was founded in 2017, and is headquartered in New York, NY, US, with a workforce of 501-1000 employees. Its website is https://www.judi.health/about/careers.
Company H1B Sponsorship
• Capital Rx has a track record of offering H1B sponsorships, with 3 in 2025, 2 in 2024, 1 in 2023, 1 in 2022, 5 in 2021. Please note that this does not guarantee sponsorship for this specific role.