GRC Analyst

Pune

Your Future Evolves Here

Evolent Health has a bold mission to change the health of the nation by changing the way health care is delivered. Our pursuit of this mission is the driving force that brings us to work each day. We believe in embracing new ideas, challenging ourselves and failing forward. We respect and celebrate individual talents and team wins. We have fun while working hard and Evolenteers often make a difference working in everything from scrubs to jeans.

Are we growing? Absolutely, and globally. In 2021 we grew our teams by almost 50% and continue to grow even more in 2022. Are we recognized as a company that supports your career and growth, and as a great place to work? Definitely. Evolent Health International (Pune, India) has been certified as “Great Places to Work” in 2021. In 2020 and 2021 Evolent in the U.S. was both named to the Best Company for Women to Advance list by Parity.org and earned a perfect score on the Human Rights Campaign (HRC) Foundation’s Corporate Equality Index (CEI). This index is the nation's foremost benchmarking survey and report measuring corporate policies and practices related to LGBTQ+ workplace equality.

We recognize employees that live our values, give back to our communities each year, and are champions for bringing our whole selves to work each day. If you’re looking for a place where your work can be personally and professionally rewarding, don’t just join a company with a mission. Join a mission with a company behind it.

What You’ll Be Doing:

Our Information & Cyber Security team is seeking a seasoned Governance, Risk and Compliance Analyst with a passion for reducing risk and improving the company's security posture. This person will be the focal point for all healthcare compliance (HIPAA / HITECH, contractual requirements, and relevant state laws) activities for the company and its affiliates. Ideal candidates will be familiar with adversary tactics, collaborate with key stakeholders, and plan, implement, and monitor the compliance program.

Essential Responsibilities:

  • Participate in and lead annual compliance audit programs, both internal and external, against ISO, HIPAA, SOC, and HITRUST requirements.
  • Auditing the applications, configurations, and internal practices against standards such as HIPAA, HITRUST, etc.
  • Providing advice on and implementing forward-thinking information security policies, standards, and security operational processes, and discussing updated security policies with other business units.
  • Ensuring Evolent Health information security practices comply with industry and regulatory requirements, e.g., HIPAA, HITECH, HITRUST, NIST 800-53, and CMMI.
  • Create and maintain documentation including Policies and Procedures, systems and processes as needed to track, trend, and manage compliance notifications, issues, corrective action plans, audit results, etc.
  • Performing continuous gap analysis, identifying risks, and performing risk assessments
  • Collaborate with business units to ensure corrective actions are adequate and have been implemented for all identified compliance deficiencies.
  • Promote awareness related to information privacy and security and enforce compliance across the enterprise.
  • Should be able to highlight any risks in contractual obligations and their compliance, and alert the operational teams and management accordingly.
  • Should be able to respond to customer security questionnaires/surveys and RFPs/RFIs, highlight any risks in RFP/contractual obligations and their compliance, and alert information security management accordingly.
  • Good understanding of Third-Party Risk Management
  • Understanding of how Third-Party risk assessments are conducted and reviewing their compliance against regulatory requirements.
  • Assist in the coordination & implementation of governance activities.
  • Create and generate monthly reporting statistics.

Mandatory Skills

  • Knowledge of the latest HITRUST and ISO 27001 standards, and SOC 1 & 2 Type 2 audits.
  • Internal and external audit experience with ISO 27001 standards.
  • Knowledge of Risk Assessment and Treatment Methods.
  • Strong stakeholder management & Excellent written and verbal communication skills.

Educational Qualifications/Skills/Experience

  • 2-3+ Years of experience in GRC.
  • Graduate with work experience in ISMS and Compliance.
  • Certifications in Information Security: CISM, CRISC, CISA (at least one)
  • Working and implementation Knowledge of ISO 27001, HIPAA, and SOC 1 & 2.
  • Should have experience working in US healthcare business / Banking / Regulatory environment.
  • Good understanding of various Infrastructure Security tools/technologies such as Firewalls, IPS, Endpoint Detection & Response, Identity & Access Mgmt., Vulnerability Mgmt., Data Leakage Prevention, Application security, Cloud security, Incident and Threat Management
  • Strong interpersonal skills and ability to communicate effectively with senior management.
  • Good presentation & reporting skills.
  • Self-starter and willing to deal with complex situations.

Mandatory Requirements:

We require that all employees have the following technical capability at their home: High speed internet over 10 Mbps, the ability to plug in directly to the home internet router. These at-home technical requirements are subject to change with any scheduled re-opening of our office locations.

Evolent Health is an equal opportunity employer and considers all qualified applicants equally without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran status, or disability status.


Tags: Application security Audits Banking CISA CISM Cloud Compliance CRISC Firewalls Governance HIPAA HITRUST IPS ISMS ISO 27001 NIST NIST 800-53 Privacy RFPs Risk assessment Risk management SOC SOC 1

Perks/benefits: Startup environment

Region: Asia/Pacific
Country: India
