Senior Risk and Compliance Analyst

Inovalon was founded in 1998 on the belief that technology, and data specifically, would empower the transformation of the entire healthcare ecosystem for the better, improving both outcomes and economics.

At Inovalon, we believe that when our customers are successful in their missions, healthcare improves. Therefore, we focus on empowering them with data-driven solutions.

And the momentum is building.

Together, as ONE Inovalon, we are a united force delivering solutions that address healthcare's greatest needs. Through our mission-based culture of inclusion and innovation, our organization brings value not just to our customers, but to the millions of patients and members they serve.

Overview : The Senior Risk and Compliance Analyst is internal to Inovalon and part of the Security, Risk and Compliance department that partners with Technology, business groups, and project teams to perform risk and compliance activities and audits for applications, infrastructure, and vendor / third parties.

In addition, this position supports enterprise security, risk, and compliance initiatives that improve Inovalon's security posture, management control systems, liaises with the company's external audit firms, and helps foster an appreciation for a strong control environment across the organization.

The candidate must be able to build working relationships and drive change with various levels of management on an enterprise scale and be able to articulate how assessment results translate to business risk for the organization.

Duties and Responsibilities :

• Lead, plan and manage the execution and delivery of risk-based IT assessment and compliance reviews, which may include IT general control, IT application control, IT infrastructure, and IT operational process reviews, IT governance & strategy design assessments, and SOX compliance related activities;
• Lead the preparation and coordination of third-party audits and assessments, including client on-site visits, third party security / risk questionnaires and desktop reviews as well as in the preparation of regulatory external audits such as SSAE 16 / 18, HITRUST, PCI and Sarbanes-Oxley;
• Capture and refine IT compliance and risk requirements and ensure that the requirements are integrated into Inovalon products and information systems through purposeful security architecting, design, development, and configuration;
• Prepare deliverables, reports, for review by the Risk and Compliance management and senior leadership that include issues, trends and other micro / macro level risks identified through the execution of IT internal control work and other assurance-related activities;
• Support Inovalon's HITRUST Enterprise Implementation Program;
• Contribute "best practices" in terms of findings, checklists, templates, testing methods, and techniques to support and advance the Technology Compliance Program;
• Serve as a trusted advisor and consultant between various groups such as Technology, Finance, and Operations;
• Support our department response to prospective client Request for Proposal (RFP), client inquiries and control assessments, and other third-party inquiries;
• Serve as a security, risk, and compliance consultant and expert to help enterprise wide project and tiger teams drive the effectiveness of our security and privacy programs;
• Ensure compliance with Inovalon's IT policies and procedures, applicable laws and regulations, and keep current on compliance-related areas;
• Maintain compliance with Inovalon's policies, procedures and mission statement;
• Adhere to all confidentiality and HIPAA requirements as outlined within Inovalon's Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position; and
• Fulfill those responsibilities and / or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success of Employer.

Job Requirements :

• Minimum of five years of relevant experience working within the areas of : Internal Audit, Technology Governance, Risk Assurance, and / or Internal Controls.
• Health-care industry experience is a plus;
• In-depth experience with key regulations and standards such as HITRUST, HIPAA, NIST 800-53, NIST Cyber-Security Framework, Sarbanes-Oxley, and other compliance requirements;
• Articulate communicator, demonstrating mastery of both spoken and written English, with the ability to tailor deliverables appropriately for audiences ranging from technical to senior executive;
• Strong critical thinking skills; ability to quickly comprehend problems, develop hypotheses, draw logical conclusions, develop solutions, and respond accordingly;
• A self-starter : pro-actively identifying problems, determining pragmatic solutions, identifying and obtaining needed resources, and executing with little or no supervision;
• Demonstrated hands-on approach and success in working in a team-based environment and to partner with others to promote an environment of teamwork;
• Proven ability to manage multiple projects and work-streams concurrently and successfully; and
• In-depth understanding of core information technology processes and controls.

Education :

• Bachelor's degree (Master's degree preferred) in Business or IT studies; and
• Security / Audit-related certifications preferred, such as : CISA, CISSP, CRISC.

Physical Demands and Work Environment :

• Sedentary work (i.e. sitting for long periods of time);
• Exerting up to 10 pounds of force occasionally and / or negligible amount of force;
• Frequently or constantly to lift, carry push, pull or otherwise move objects and repetitive motions;
• Subject to inside environmental conditions; and
• Travel for this position will include less than 5% locally usually for training purposes.

The actual base pay offered may vary depending on multiple factors including, but not limited to, job-related knowledge / skills, experience, business needs, geographical location, and internal equity.

At Inovalon, it is not typical for an individual to be hired at or near the top end of the range for their role, and compensation decisions are dependent upon the facts and circumstances of each position and candidate.

Base Compensation Range

$80,000 $115,000 USD

Studies have shown that women and people of color are less likely to apply for jobs unless they believe they meet every one of the qualifications listed in a job description.

If you don't meet every qualification listed but are excited about our mission and the work described, we encourage you to apply regardless.

Inovalon is most interested in finding the best candidate for the job and you may be just the right person for this or other roles.

By embracing diversity, equity and inclusion we enhance our work environment and drive business success. Inovalon strives to reflect the diversity of the communities where we operate and of our clients and everyone whom we serve.

We endeavor to create a culture of inclusion in which our associates feel empowered to bring their full, authentic selves to work and pursue their professional goals in an equitable setting.

We understand that by fostering this type of culture, and welcoming different perspectives, we generate innovation and growth.

Inovalon is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.

We also consider qualified applicants regardless of criminal histories, consistent with legal requirement.

The Company maintains a drug free work environment for all of its associates, which includes employees, contractors and vendors.

It is unlawful for associates to manufacture, sell, distribute, dispense, possess or use any controlled substance or marijuana in the workplace and doing so will result in disciplinary action, up to and including termination of employment or the contracted relationship.

To review the legal requirements, including all labor law posters, please visit this link