Staff Information Security Risk and Compliance

**Qualifacts** is a leading provider of behavioral health software and SaaS solutions for clinical productivity, compliance and state reporting, billing, and business intelligence. Its mission is to be an innovative and trusted technology and end-to-end solutions partner, enabling exceptional outcomes for its customers and those they serve. Qualifacts’ comprehensive portfolio, including the
**CareLogic®**,
**Credible**, and
**InSync®** platforms, spans and serves the entire behavioral health, rehabilitative, and human services market supporting non-profit Certified Community Behavioral Health Clinics (CCBHC) as well as for-profit large enterprise and small business providers.

Get to know us:
**The Opportunity**:
**Your Responsibilities**:

- Supports the Information Security Compliance Manager and provides coordination for performing security audits and creation of documentation and remediation plans. Documents and reports on existing controls to support internal and external audit activities.
- Facilitate security risk assessments of functional areas to identify areas of risk and vulnerabilities and recommend alternative strategies.
- Develops and manages metrics to track and ensure QSI functional are in compliance with internal and external policies, standards and regulations.
- Maintains QSI Information Security reporting and dashboards including vulnerability counts, remediation assignments, remediation completion, incidents, etc.
- Manages security awareness content and manages phishing campaigns by providing orientation, training, and on-going communication.

**Skills and Experience You Need**:

- 5+ years as an Information Security Analyst working directly with infrastructure and software engineering teams to achieve, monitor and maintain a strong Information Security posture.
- 3+ years in developing and managing information security policies in accordance with industry regulations
- Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes.
- Capable of identifying management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
- Requires excellent technical, policy and procedural writing skills.
- Requires excellent reporting and presentation skills.
- Strong understanding of security audit methodologies with the management of audits with third parties.
- Working knowledge of IT security-related regulations/standards
- Working knowledge of IT functions, specifically understanding system production structure/controls, change management and software development processes.
- Capable of identifying cross-functional risks pertaining to management, IT system, and operational issues and trends and developing solutions including creating materials, documentation, systems, processes/procedures, and policies in support.
- Creates security documentation and provides training content to different teams to enhance awareness of vulnerabilities and other security related issues to reduce those risks.

**Skills and Experience We Prefer You Have**:

- 2+ years of experience as an Information Security Analyst within the healthcare technology sector
- Knowledge and understanding of regulatory compliance standards, particularly SOC1 and Service Organization Controls (SOC), HIPAA, HITrust, FedRAMP, Federal Information Security Management Act (FISMA), NIST Cyber Security Framework (CSF), NIST 800 series.
- Experience with working with Tenable products such as Tenable.sc, Nessus, Tenable.io
- Experience with working with Whitesource open-source scanning tools
- Experience with working with Checkmarx static code scanning and dynamic code scanning

**Licenses/Certifications (preferred)**
- CISSP - Certified Information Systems Security Professional
- CISA - Certified Information Systems Auditor
- CISM - Certified Information Security Manager
- CRISC - Certified in Risk and Information Systems Control
- Security+
- PMP - Project Management Professional

**What we offer you**:

- Economic bonus and merit review.
- Full Health Insurance (EPS and oncologic) for you and your direct dependents.
- Fully paid English lessons and LinkedIn Learning membership.
- All legal benefits (CTS, 30-day paid vacation per year, life insurance, etc.).
- Generous holidays policy.

Qualifacts is an Equal Opportunity Employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, gender, age, disability, etc.