Risk & Compliance Analyst

Overview: The Risk and Compliance Analyst is internal to Inovalon a part of the Enterprise Risk and Compliance department that partners with Technology, business groups, and project teams to perform risk and compliance activities for applications, infrastructure, and vendor third parties.   In addition, this position supports enterprise security, risk, and compliance initiatives that improve Inovalon’s security posture, management control systems, liaises with the company's external audit firm, and helps foster an appreciation for a strong control environment across the organization. Candidate must be able to build working relationships and drive change with various levels of management on an enterprise scale, and be able to articulate how assessment results translate to business risk for the organization.

Duties and Responsibilities:

• Participant in cross functional teams and business groups for enterprise risk and compliance projects;
• Identify, document, test, assess, and remediate potential IT risk areas and inquiries of applications, business processes, requirements are integrated into Inovalon products and information systems and other departments as needed;
• Support the departments execution and delivery of  risk-based IT assessments and SOC compliance activities; - Perform reviews such as data integrity, Information security risk assessments, technical compliance reviews, third party vendor in conjunction with HIPPA vendor management program;
• Prepare deliverables/reports for review by the Risk and Compliance management and senior leadership that include issues, trends and other micro/macro level risks identified through the execution of IT internal control work and other assurance-related activities;
• Creates compliance documents or project artifacts in standard situations; identifies root causes of risk, security, and/or compliance incidents that arise, solve and escalate as necessary to resolve them;
• Develop and utilize collaborative networks with key contacts within and outside of their immediate organization; and
• Assist with department response to prospective client Request for Proposal (RFP), periodic client inquiries and control assessments, and other third party inquiries.
• Maintain compliance with Inovalon’s policies, procedures and mission statement;
• Adhere to all confidentiality and HIPAA requirements as outlined within Inovalon’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position; and
• Fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success of the Employer.

Job Requirements:

• Support IT audit and compliance assessments aligned with frameworks such as SOC 2, SOX, HITRUST, or PCI DSS
• Assist in planning, executing, and documenting IT audits and control testing
• Evaluate IT general controls (ITGCs), application controls, and security controls
• Collect, analyze, and validate audit evidence and documentation
• Identify control gaps and assist in developing remediation plans
• Collaborate with IT, security, and business stakeholders to understand processes and systems
• Prepare clear and concise audit workpapers, reports, and presentations
• Support external auditors and regulatory examinations as needed
• Stay current on evolving IT risk, cybersecurity, and compliance standard

Education:

• Bachelor’s degree in Business, Technology, and/ or equivalent