Information Assurance Specialist

Nox Health Alpharetta, GA 30022

Posted 3 weeks ago

The Information Assurance Specialist will support the operation of Nox Health Group, Inc (Nox Health) and all associated business units by assessing, evaluating and reporting on the security posture of the organization to ensure compliance with security standards and regulations such as ISO 27001, HIPAA, HITRUST, SOC2, PCI DSS, and other relevant standards. An Information Assurance Specialist will work with relevant departments and business units to identify and mitigate security risks, ensure data confidentiality, integrity, and availability, and maintain compliance with regulations.

Responsibilities:

  • Performing regular internal audits of the organization's information security infrastructure, policies, and procedures to assess compliance with relevant regulatory standards.
  • Developing audit plans based on regulatory requirements and organizational goals to ensure that audits are comprehensive and effective.
  • Assessing the effectiveness of the organization's security controls and identifying any gaps in compliance. 
  • Reviewing the organization's policies and procedures to ensure that they are up-to-date, comply with regulatory standards, and are being followed by employees.
  • Reviewing and analyzing technical security controls such as access controls, firewalls, and intrusion detection systems to ensure they are effective.
  • Documenting and reporting audit findings to relevant stakeholders, recommending remediation actions, and tracking remediations to completion with the stakeholders.
  • Conducting risk assessments to identify potential risks to the organization's information assets, provide recommendations for risk mitigation, and track action plans to completion.
  • Conducting security and compliance assessments of service providers to identify potential risks to the organization, and recommending and tracking action plans.
  • Staying up-to-date on regulatory requirements and industry best practices to ensure that audits are conducted in compliance with relevant standards.
  • Working collaboratively with technical and business teams to ensure that audits are comprehensive and effective.
  • Collaborating with external auditors to plan, assist, and conduct assessments to validate security and compliance of policies, processes and technologies.

Requirements

  • Bachelor's degree in information assurance, computer science, information systems, or a related field.
  • Relevant security certifications such as CISSP, CISA, CISM, or CRISC are preferred.
  • Knowledge of ISO 27001, HIPAA, HITRUST, SOC2, and PCI DSS standards.
  • Experience in conducting IT and security audits and assessments.
  • Familiarity with cloud infrastructure and cloud security best practices.
  • Strong technical background in IT and security.
  • Excellent communication and interpersonal skills.
  • Strong analytical and problem-solving skills.
  • Ability to work independently and as part of a team.
  • Ability to document processes and write audit reports.
  • Attention to detail and the ability to work under pressure.
  • Ability to travel, if necessary.

Benefits

Medical, Dental, Vision Benefits

401K + Match

Unlimited PTO

Employee Sleep Testing Program
