You don't have to be in United to do this job since it's remote. December 25, 2023 was the day when the Security & Privacy Analyst position was made available, and it will be inaccessible after March 24, 2024. This job opening demands that you have a minimum of 36 months of experience working in the same field. The employer's non-disclosure of salary means that you can negotiate based on the company's performance-based bonus structure. full time work can offer a way to work on projects that have a positive impact on society and the environment.
We're looking for a kind, empathetic, and driven individual to join our team as a Security & Privacy Analyst. You would work with the Security Operations and Privacy teams to support healthcare cyber security, compliance and privacy initiatives. Specifically, your main focus would be the growth and maturation of the security & privacy programs, working across the organization on a wide variety of projects as we expand access to mental healthcare for children and teens.
Location: This position can be based anywhere in the United States.Why You Are Excited About Us
This role supports the efforts of the Information Governance Committee to implement and maintain effective security and privacy compliance programs to prevent breaches of sensitive and private information and ensure compliance with HIPAA and other Federal and State privacy laws and regulations. Time will be split across the Security and Privacy teams and often on projects encompassing both. It is a unique opportunity to build your skillset and set you up for future specialization with wide exposure to different areas of the business. The expectation is for a pragmatic, well-rounded and highly organized individual able to manage ambiguity.
A successful Security & Privacy Analyst at Brightline will:
Assist in the development and implementation of an effective data governance framework, including policies, standards, and procedures for managing and ensuring data quality and integrity.
Perform audits of data management across various systems and processes, identifying areas for improvement and implementing measures to enhance control operation.
Under the direction of Security, Privacy and Legal teams complete privacy and security assessments; develop and maintain policies, procedures, documentation; create and develop training and education approved methods; the facilitation of privacy/security awareness events; conducts detailed research regarding privacy laws and regulatory statutes; and other key functions of the compliance activities such as privacy and security compliance monitoring and investigations.
Complete privacy and security risk assessments of third party vendors for new projects through our vendor management process, develop and implement risk mitigation efforts and ongoing monitoring of their success.
Independently participate in conducting ongoing data risk analysis and internal compliance audit activities and investigations in coordination with Privacy Officials, Security, Legal and other key stakeholders.
Track and respond to internal and external privacy and security requests received through the Privacy mailbox and collaborate with business units to find solutions to common compliance issues.
Assist in the processing of Data Subject Access Requests (DSAR) as applicable to state laws.
Independently work with stakeholders to assist in analyzing business processes, document data flows, and advise on potential compliance gaps with NIST, HIPAA, and varying state privacy laws.
Track and monitor compliance with mandatory training (includes HIPAA and Security) within the organization and assist in development and implementation of training effectiveness assessments of privacy/security.
Maintain familiarity with applicable state and federal laws, privacy laws, (particularly HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act and support the implementation of guidance to the organization
Independently track implementation of corrective action plans and follow up review.
Perform other job-related duties as assigned
Looking for a company where you have the opportunity to pursue your interests across functions and guide your own career development in a supportive environment?
Excited about working at a startup at the forefront of pediatric mental health and dedicated to improving the lives of our members and their families..
Eager to quickly make an impact in a place where a job title is not considered the final definition of who you are, but the starting point.
Passionate about security, privacy and their intersection with healthcare.
Able to take ownership and be effective with limited supervision, including leveraging your excellent analytical and written communication skills to produce high quality documentation and reporting for management.
Effective at engaging with teams in various functions and across different levels, withstrong organizational skills and ability to prioritize and manage multiple projects simultaneously.
Strategic and pragmatic about finding solutions to operational challenges.
Proven experience (1-3 years) in data privacy, records management, data governance, cyber security, data compliance, or GRC related roles
Knowledge of relevant data privacy regulations (e.g., HIPAA, GDPR, CCPA) and their impact on data governance practices
Effective techniques for presenting complex regulatory requirements across wide audiences
Familiarity with data management tools and data modeling concepts
Demonstrates both collaborative skills and ability to work well within a team, while completing multiple tasks and projects autonomously
Excellent communication skills to balance conveying complex information to non-technical audience and technical program managers on product features for implementing privacy-by-design principles
Ability to produce high-quality policy development and reports with critical attention to detail and deadlines
Before you start your job search online, make sure to keep in mind some essential tips to ensure a safe and successful job search. Avoid job postings that require you to pay for training or materials upfront, as this is often a scam. Consider using a temporary email address or phone number when applying for jobs online to protect your personal information. If a job posting seems too good to be true, and requires payment upfront, it's probably a scam. To ensure a safe and successful job search, always research the company before applying for any job to verify its credibility and authenticity. Employers who do not conduct in-person or phone interviews may not be legitimate, so it's important to verify their authenticity before proceeding. Watch out for job postings that ask you to use your personal bank account for company transactions. Be cautious of job postings that require you to provide samples of your work without proper compensation or credit, as this could be a sign of a fraudulent job posting. To ensure that the job posting is not fraudulent and that they are hiring for the position, it is important to contact the company directly.
Strong analytical, interpersonal, problem-solving, organizational and presentations skills for evaluating and improving data quality and governance processes
Knowledgeable in data privacy and security audits and investigations techniques
Ability to work in a fast-paced, developing, and deadline-oriented environment
Self-motivated with the ability to self-organize, prioritize, and identify new work.
Transparency and Integrity
Proficiency in Google Workspace and ticketing tools and eager to learn new technologies and tooling
Experience operating in environments based on standards such as the NIST Privacy Framework, ISO/IEC 27701, ISO 27001, HIPAA, HITRUST, SOC 2.
Criminal Background Check Required
Certifications are not required but will help you stand out:
Certified in Healthcare Privacy Compliance (CHPC)
Medical + Dental + Vision + Disability + Life Insurance
14 Paid Holidays + Flexible PTO + Sick Days + Parental Leave
Learning and Development Reimbursement
Health and Wellness Stipend
Home Office Reimbursement
Remote, community-focused culture
Company wide meditations
Group workouts hosted by Brightline employees!
At Brightline we have built a total rewards philosophy that includes fair, equitable, competitive, geo-based compensation that is performance and potential based. Our strategy is based on robust market research, including external advisory specializing in national compensation, and thoughtful input from every level of our organization. It is a combination of a cash salary, equity, benefits, wellbeing, and opportunity. In compliance with the Equal Pay for Equal Work Act, the annual base salary range for applicants is $77,000-$90,000.
At Brightline, we believe that Diversity, Equity, Inclusion, and Belonging are essential to the foundation that we build our mission upon. We are compelled to build a future where all families can access inclusive, high-quality care. We are committed to creating an environment that encourages our employees to show up authentically, reach their highest potential, and have an equal opportunity to thrive. We are committed to systematically evaluating and improving our inherent beliefs, observed behaviors, structures, and systems. We are committed to ensuring that every employee, candidate, client, and family we serve is valued and respected.About Brightline
Brightline is on a mission to build a bright future for every child. We’re convening a team of leading clinicians, technologists, business leaders, and creative thinkers to completely transform what behavioral health care looks like. Together, we’re building exceptional technology and real-world care to bring families a warm, supportive, and goal-oriented experience of care that will help them thrive. Founded in 2019, Brightline is the leading comprehensive behavioral health platform for families, backed by $215M in funding from leading investors, including Oak HC/FT and Threshold Ventures. As we grow quickly across the country, we’re looking for exceptional team members who, like us, are eager to transform behavioral health in this country and change lives.
If you have read through this job listing with attention to detail, now is the time to decide whether to apply. If you have any concerns or questions about this job posting, please don't hesitate to reach out to us for clarification. If you are confident that you meet the qualifications and requirements of this job, please submit your application. Rushing to submit your application can lead to careless mistakes and oversights, which can ultimately harm your chances of being hired. Alternatively, there are many other job vacancies on liquidscapes.info that might offer a better match for your skills and experience.