11 days ago

Senior Information Systems Compliance Analyst

GoodRx

Hybrid
Full Time
$130,000

Job Overview

Job Title: Senior Information Systems Compliance Analyst
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $130,000
Location: Hybrid

Job Description

About GoodRx

GoodRx is the leading prescription savings platform in the U.S. Trusted by more than 25 million consumers and 750,000 healthcare professionals annually, GoodRx provides access to savings and affordability options for generic and brand-name medications at more than 70,000 pharmacies nationwide, as well as comprehensive healthcare research and information. Since 2011, GoodRx has helped consumers save nearly $75 billion on the cost of their prescriptions.

Our goal is to help Americans find convenient and affordable healthcare. We offer solutions for consumers, employers, health plans, and anyone else who shares our desire to provide affordable prescriptions to all Americans.

About The Role

As a Senior Information Systems Compliance Analyst, you will leverage strong IT audit experience and a background in the technical implementation of SOC 2, NIST / HITRUST, and SOX-404. Additional knowledge of privacy frameworks such as NIST privacy and CCPA would be beneficial. You will support compliance initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of appropriate IT controls in our computing environments, and by demonstrating those controls to external auditors. Additionally, you are responsible for assisting in the monitoring and oversight of yearly audits, liaising between control owners, internal audit, and external audit teams. This role also includes larger projects, such as implementing new frameworks and standards, and reports to the Compliance Manager.

Responsibilities

  • Coordinate walkthrough meetings and evidence collection for external auditors for SOC 2, SOX, and HITRUST audits, through collaboration with control owners.
  • Perform risk assessments and audits with limited supervision from management, assisting in the overall risk management program.
  • Capture and analyze information to identify key risks and corresponding controls.
  • Manage various control frameworks within OneTrust.
  • HITRUST readiness, including validation of control requirements against current policies, procedures, and implementations.
  • Manage our GRC tool, overseen by the Compliance Manager.
  • Write policies and procedures for internal controls.
  • Manage the update and review of policies and procedures required for yearly audits through review of applicable laws and regulations and coordination with the larger group.
  • Communicate findings and recommendations to management, assisting in deficiency remediation as part of annual audits.
  • Deliver and manage security training, including phishing campaigns.

Skills & Qualifications

  • Bachelor’s degree in Accounting, Finance, Computer Science, or relevant quantitative field.
  • 4+ years of experience in IT regulation and compliance standards such as SOC 2, NIST, ISO 27001, SOX-404, HITRUST, and HIPAA.
  • Understanding of IT methodologies, such as software development lifecycle and operations.
  • Ability to understand complex technical, cloud-based environments.
  • Experience designing/testing/implementing internal controls and reviewing business processes.
  • Excellent oral, written and presentation communication skills.

Nice To Have

  • Recognized professional certification(s) (CISA, CISSP, CPA, CIA, CCSP, CFE).
  • Experience working for a company in the technology or healthcare industry.
  • Experience with NetSuite, Workday, Blackline, JP Morgan, OneTrust, KnowBe4, or JIRA is a plus.

Key skills/competency

  • IT Audit
  • SOC 2 Compliance
  • NIST Frameworks
  • HITRUST
  • SOX-404
  • GRC Tools
  • Internal Controls
  • Risk Assessment
  • HIPAA Compliance
  • Policy Management

How to Get Hired at GoodRx

  • Research GoodRx's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume: Highlight your extensive experience in IT compliance, audit coordination, and GRC tool management specifically for the Senior Information Systems Compliance Analyst role.
  • Showcase technical compliance expertise: Emphasize your proficiency with SOC2, NIST, SOX-404, HiTrust, and cloud-based environments during interviews.
  • Prepare for scenario-based questions: Be ready to discuss your approach to risk assessment, control implementation, and cross-functional collaboration.
  • Network strategically: Connect with current GoodRx employees in compliance, IT, or risk management roles on LinkedIn for invaluable insights and potential referrals.
