IT Security Auditor
Remote, USA, United States
Privia Health
We improve the patient experience, accelerate the transition to value, reduce unnecessary costs and utilization, and create a high-quality healthcare experience.
Privia Health™ is a technology-driven, national physician enablement company that collaborates with medical groups, health plans, and health systems to optimize physician practices, improve patient experiences, and reward doctors for delivering high-value care in both in-person and virtual settings. The Privia Platform is led by top industry talent and exceptional physician leadership, and consists of scalable operations and end-to-end, cloud-based technology that reduces unnecessary healthcare costs, achieves better outcomes, and improves the health of patients and the well-being of providers.
Reports to the Sr. Manager of IT Audit & Security. The IT Security Auditor will be responsible for ensuring IT systems and procedures are secure, compliant with HIPAA, SOX, and HITRUST, and aligned with industry best practices. They have experience in EMR, IAM, IGA, and access review tools, with strong analytical skills for identifying and addressing security risks. The IT Security Auditor collaborates with teams to ensure compliance with evolving security policies and workflows, focusing on access vulnerabilities. They assist in documenting governance processes and designing policy for approval workflows, privileged access management, and lifecycle management. Additionally, the IT Security Auditor supports the design, implementation, and refinement of SOX-related controls, user access reporting, and quarterly audits.
- Assist with regular audits of user access controls, including reviewing user access requests and access logs, and producing audit reports to ensure that access is appropriate and in line with company policies and regulatory requirements.
- Assist with implementing and revising identity governance policy using IGA tools and technologies to ensure that privileged/admin access and non-privileged access are appropriately differentiated, with an emphasis on SOD analysis and controls.
- Design, implement, and test SOX controls related to user access and data security, with a focus on compliance with SOX and other relevant security regulations.
- Support Access and Data Management where needed, with a primary focus on the security policy for user provisioning across multiple systems, emphasizing separation of duties (SOD) analysis and controls.
- Thorough understanding of healthcare regulatory frameworks and security standards such as the HIPAA Security Rule, NIST, and PCI DSS.
- Knowledge of the HITRUST CSF (Common Security Framework) and the HITRUST CSFCIS (CSF Control Implementation Support) Control Set to demonstrate the ability to meet industry best practices and regulatory requirements for securing healthcare data.
- Ability to utilize various audit tools to perform user access audits and produce comprehensive audit reports to identify risks and vulnerabilities in the organization's access management system.
- Experience in designing, implementing, and testing SOX controls related to user access and data security, such as Segregation of Duties (SOD), Least Privilege, and Access Recertification.
- Ability to conduct quarterly user access reviews and produce audit reports to ensure compliance with company policies and regulatory requirements.
- Understanding of IT General Controls (ITGCs) and their impact on financial reporting, such as change management, system development, and IT operations.
- Demonstrated experience with the implementation and administration of Identity and Access Management (IAM) solutions, such as Okta, Ping Identity, One Identity, ForgeRock, CyberArk, or similar.
- Strong understanding and experience with Identity Governance and Administration (IGA) solutions, such as SailPoint, Saviynt, or RSA Identity Governance, to manage access requests, entitlements, certifications, and compliance.
- Familiarity with industry standards and best practices such as NIST, ISO 27001, CIS, and PCI-DSS, as well as regulatory compliance frameworks, such as HIPAA, HITRUST, GDPR, CCPA, and SOX.
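The access-review, SOD-analysis and recertification duties listed above are what a quarterly user access review actually boils down to: take the entitlement export from the IGA tool, flag identities holding a toxic combination of entitlements, flag leavers whose access was never deprovisioned, and flag privileged access that has not been recertified inside the review window. The script below is an added illustration of that review logic and is not code from Privia Health or from any IGA product; the CSV export format, the toxic-combination matrix, the list of privileged entitlements and the 90-day window are all constructed assumptions, and the user rows are sample data.

```python
"""
Quarterly user access review over an IGA entitlement export.

Added example; not Privia Health code. The export format, the SOD rule
matrix, the PRIVILEGED set and the review window are assumptions.
"""
import csv
import io
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Set

# Hypothetical toxic-combination matrix: holding both entitlements in a pair
# lets one identity both initiate and approve a financial transaction.
SOD_RULES = {
    ("AP_VENDOR_CREATE", "AP_PAYMENT_APPROVE"): "create vendor + approve payment",
    ("GL_JOURNAL_POST", "GL_JOURNAL_APPROVE"): "post journal + approve journal",
    ("HR_PAYROLL_EDIT", "HR_PAYROLL_RELEASE"): "edit payroll + release payroll",
}
# Hypothetical privileged/admin entitlements that need quarterly recertification.
PRIVILEGED = {"EHR_SYSADMIN", "DB_ADMIN", "GL_JOURNAL_APPROVE"}
MAX_CERT_AGE_DAYS = 90
REVIEW_DATE = date(2024, 4, 1)

# Constructed sample export: one row per user/entitlement assignment.
ENTITLEMENT_CSV = """user,status,entitlement,last_certified
alice,active,AP_VENDOR_CREATE,2024-03-15
alice,active,AP_PAYMENT_APPROVE,2024-03-15
bob,active,GL_JOURNAL_POST,2024-03-15
bob,active,EHR_SYSADMIN,2023-11-01
carol,terminated,DB_ADMIN,2024-01-10
dave,active,HR_PAYROLL_EDIT,2024-03-15
dave,active,HR_PAYROLL_RELEASE,
erin,active,GL_JOURNAL_APPROVE,2024-03-20
"""


@dataclass(frozen=True)
class Finding:
    user: str
    kind: str
    detail: str


def parse_export(text: str) -> Dict[str, dict]:
    """Group the export by user: HR status plus {entitlement: last_certified or None}."""
    users: Dict[str, dict] = {}
    for row in csv.DictReader(io.StringIO(text)):
        rec = users.setdefault(row["user"], {"status": row["status"], "ents": {}})
        certified = row["last_certified"].strip()
        rec["ents"][row["entitlement"]] = date.fromisoformat(certified) if certified else None
    return users


def review_access(text: str, as_of: date) -> List[Finding]:
    """Run the three checks and return findings in deterministic (user-sorted) order."""
    findings: List[Finding] = []
    users = parse_export(text)
    for user in sorted(users):
        rec = users[user]
        held: Set[str] = set(rec["ents"])
        active = rec["status"] == "active"

        # 1. Separation of duties: both halves of a toxic pair held by one identity.
        for (a, b), why in SOD_RULES.items():
            if a in held and b in held:
                findings.append(Finding(user, "SOD_CONFLICT", f"{why} ({a} + {b})"))

        # 2. Lifecycle failure: a leaver still holds entitlements.
        if not active and held:
            findings.append(Finding(user, "TERMINATED_ACTIVE_ACCESS", ", ".join(sorted(held))))

        # 3. Privileged access not recertified within the window (never certified
        #    counts as stale). Leavers are already flagged above, so skip them here.
        if active:
            for ent, certified in sorted(rec["ents"].items()):
                if ent in PRIVILEGED and (
                    certified is None or (as_of - certified).days > MAX_CERT_AGE_DAYS
                ):
                    when = certified.isoformat() if certified else "never"
                    findings.append(Finding(user, "STALE_PRIVILEGED_CERT", f"{ent} last certified {when}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category for the audit report header."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    results = review_access(ENTITLEMENT_CSV, REVIEW_DATE)
    for f in results:
        print(f"{f.kind:<26} {f.user:<8} {f.detail}")
    print(summarize(results))
```

On the sample data the review yields two SOD conflicts (alice, dave), one terminated user with lingering admin access (carol) and one privileged entitlement past its recertification window (bob's EHR_SYSADMIN). In practice the SOD matrix would come from the finance and compliance owners and the export from the IGA tool's certification campaign, but the control logic is the same: every finding maps to a control owner who either removes the access or documents a compensating control.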
APPLICATION (Applications, Database, Interfaces)
- Basic knowledge in securing a three tier application architecture.
- Basic knowledge of cloud-based security architecture, including modern multi-cloud architectures and the difference between a cloud environment and a virtual desktop or application environment hosted on Citrix or another VDI platform.
- Strong spreadsheet skills in Excel or Google Sheets, including pivot tables and VLOOKUP.
- Experience with application support for an EHR/EMR - athenaOne preferred.
- 5+ years of experience in security, including knowledge of healthcare regulatory frameworks, IDS/IPS devices, and experience with audit tools to perform user access audits and produce audit reports. Familiarity with SOX-related auditing strongly preferred.
- 5+ years of experience in technical project management.
- 3+ years of experience, or close collaboration with, access and data management/user provisioning, with a focus on lifecycle management.
- Experience in a healthcare environment is strongly preferred.
- Bachelor's Degree in a related field or commensurate experience preferred.
"The salary range for this role is $160,000.00 to $200,000.00 in base pay and exclusive of any bonuses or benefits. This role is also eligible for an annual bonus targeted at 15% and restricted stock units based on performance in the role. The base pay offered will be determined based on relevant factors such as experience, education, and geographic location."
Technical Requirements (for remote workers only, not applicable for onsite/in office work):
In order to successfully work remotely, supporting our patients and providers, we require a minimum of 5 Mbps download speed and 3 Mbps upload speed. This should be in place prior to the start of your employment. The best measure of your internet speed is an online speed test such as https://www.speedtest.net/, which reports how fast your connection transfers data and whether it meets the minimum requirements. Work with your internet provider if you have questions about your connection. Employees who regularly work from home offices are eligible for expense reimbursement to offset this cost.
Privia Health is committed to creating and fostering a work environment that allows and encourages you to bring your whole self to work. Privia is a better company when our people are a reflection of the communities that we serve. Our goal is to encourage people to pursue all opportunities regardless of their age, color, national origin, physical or mental (dis)ability, race, religion, gender, sex, gender identity and/or expression, marital status, veteran status, or any other characteristic protected by federal, state or local law.