Join Aya Healthcare, winner of multiple Top Workplace awards!

Here at Aya we are seeking an Information Security Compliance Analyst to identify and report on the company's information security and compliance objectives. Under the direction of the Cybersecurity Compliance Manager, this position responsible for Security Auditing, Readiness Assessment, Policy Writing, Risk Assessment, client onboarding and coordination of implementation treatment resulting from GAP assessment.

Our compliance program is ever evolving, so there is ample opportunity to help define how it grows and fits into the big picture here at Aya. This position will involve mentoring teammates, including facilitating knowledge transfer and socializing best practices within our architectures and our workflows. The ability to multi-task, while maintaining structure and organization, is essential in this position. The ideal candidate for this job is resourceful and a good problem solver and communicator.

Who We Are:

We're a $10+ billion dollar, rapidly growing workforce solutions provider in the healthcare industry. We deliver tech-enabled services that help healthcare organizations meet and manage their contingent labor needs. We build and manage tech-enabled marketplaces for national and local healthcare talent and deliver contingent labor management solutions through our proprietary software platform.

At Aya, we're obsessed with creating exceptional experiences for our clients, clinicians and employees. In fact, we put employee satisfaction above all else. Our team members are responsible for incomparable customer experience and we know that happy employees are critical to maintaining happy clients. We foster an entrepreneurial, high-energy, low-bureaucracyculture and value innovative thinking and creative problem solving. We embrace diversity in thought and backgrounds unified by a commitment to high achievement.When you join Aya, you'll be surrounded by teammates who care about you as an individual and leaders who will help you grow both personally and professionally.

Responsibilities:

• Compliance Management monitor and assess the organization's compliance with relevant security standards, regulations, and frameworks (e.g., ISO 27001, NIST, GDPR).
• Conduct regular audits and assessments to identify and address non-compliance issues.
• Ensure policies are effectively communicated, understood, and enforced throughout the organization.
• Develop and manage information security policies, and verify compliance with those policies, with emphasis on CSF, HIPAA.
• Conduct risk assessments to identify vulnerabilities and potential security threats.
• Manage internal and external audit and testing programs, reporting risks that need correction.
• Record, analyze, and document cybersecurity compliance issues and incidents, where necessary
• Comprehend, develop, and provide meaningful reports on current state of and adherence to frameworks and standards
• Partake in security incident response and corrective action planning
• Conduct client-vendor-supply chain assessments
• Complete internal security risk assessments
• Organize and conduct Risk/Privacy/Compliance trainings and assessments
• Excellent communication and organizational skills, and the ability to stay focused on completing tasks and meeting goals within a busy workspace.

Required Qualifications:

• Bachelor's degree (or equivalent) in Computer Science, Information Systems, or related field.
• Five years of related experience in information security and compliance.
• Knowledge and experience of applicable information security frameworks and regulatory requirements, e.g. SOC, PCI DSS, ISO, NIST, HIPAA, CIS, FISMA, etc.
• Understanding of IT Infrastructure and software development processes and associated controls required to support a fully functioning and controlled information security program.
• Understanding writing meaningful policies, procedures, and controls in one or more standards/frameworks.
• Background working with security teams performing vulnerability scanning and PEN testing.
• Familiarity with software & infrastructure security methodologies and in-depth defense strategies.
• Technical or engineering background, including software development, data management, networking, and/or cloud architecture.
• Ability to respond and collaborate in a professional and courteous manner.
• Exceptional organizational skills with strong attention to detail.

What We Offer:

• Free premium medical, dental, life and vision insurance
• Generous 401(k) match
• Aya also offers other benefits to those that are eligibleand where required by applicable law, including reimbursementsand discretionary bonuses
• Aya provides paid sick leave in accordance with all applicable state, federal, and local laws. Aya's general sick leave policy is that employees accrue one hour of paid sick leave for every 30 hours worked. However, to the extent any provisions of the statement above conflict with any applicable paid sick leave laws, the applicable paid sick leave laws are controlling
• Celebrations! We hit our goals and reward ourselves.
• Company-sponsored virtual events, happy hours and team-building activities are always on the horizon - plus, you get a special treat on your birthday!
• UnlimitedDTO- we believe in time off!
• Virtual yoga, meditation or boot camp classes offered daily

Compensation: Aya reasonably anticipates the pay scale for this position to be $92,000 to $136,000 annually.

The pay scale for this position may vary if applicant possesses experience outside of what Aya reasonably anticipates for this position. Bonuses are subject to the role and your manager's discretion.

Aya is an Equal Opportunity Employer (EEO) and welcomes all to apply. Please click for our EEO policy.