Senior Compliance Analyst

At Nuna, our mission is to make high-quality healthcare affordable and accessible for everyone. We are dedicated to tackling one of our nation’s biggest problems with ingenuity, creativity, and a keen moral compass. Nuna is committed to simple principles: a rigorous understanding of data, modern technology, and most importantly, compassion and care for our fellow human. We want to know what really works, what doesn't—and why. Nuna partners with healthcare payers, including government agencies and health plans, to turn data into learnings and information into meaning. YOUR TEAM The Trust team (Governance, Risk, Compliance, and Privacy) provides comprehensive data governance through thoughtful partnership with Security, Product, Engineering, and Legal teams, and by developing strategies and processes that keep data protected in a dynamic healthcare landscape. YOUR OPPORTUNITIES Nuna is looking for a Senior Compliance Analyst to support privacy and security functions across the organization. You will work with the Trust team to help to maintain and improve our compliance,  security and privacy programs. This is an opportunity to bring innovative ideas and approaches to protecting sensitive data, while supporting and facilitating compliance with complex data standards and regulations such as HITRUST, HIPAA, ARS, SOC 1/2, CCPA, and NIST. In this role, you will: Participate in ongoing compliance efforts across a number of frameworks such as HITRUST, HIPAA, ARS, SOC 1/2, CCPA, and NIST Perform audits and table top exercises to test and improve privacy and security across Nuna Conduct vendor and customer risk assessments Coordinate employee access rights to sensitive data Help manage Business Associate Agreement (BAA) and Data Use Agreement (DUA) compliance requirements Review system-related information security plans throughout the organization’s network to ensure alignment with security best practices and compliance frameworks Partner with Security, IT, Engineering and Product teams to ensure products in development comply with applicable compliance frameworks Assist in the creation of policies and compliance standards with Security, Engineering, IT, People Operations, and Legal teams  Lead audit walkthroughs and process of audit evidence collection and review for internal and external audit engagements Deliver security and privacy compliance training across the organization, including conducting training and information sessions Work with senior Security, Leadership, Product and Engineering teams, along with Trust, and Legal team members to convert laws, regulations, contractual obligations and industry best practices into business and functional requirements Remain current on advancements in information security and privacy technologies and changing applicable federal and state security and privacy laws and standards to ensure organizational adaptation and compliance QUALIFICATIONS Required Qualifications ~3 to 5 years of experience in security compliance Experience with HIPAA, HITRUST, ARS, SOC 1/2, CCPA,  and NIST frameworks.  Strong security and privacy awareness Curiosity and willingness to learn Exemplary communication skills, both written and verbal Preferred Qualifications Experience with compliance on AWS infrastructure Experience with health data privacy compliance Experience with building information security policies and procedures Experience conducting incident related investigations Security, Privacy, or other Healthcare Compliance Certifications (CISA, CISM, CIPP, CHPC, CISSP, HITRUST CCSFP) We take into account an individual’s qualifications, skillset, and experience in determining final salary. This role is eligible for health insurance, life insurance, retirement benefits, participation in the company’s equity program, paid time off, including vacation and sick leave. The expected salary range for this position is $125,000 to $175,000. The actual offer will be at the company’s sole discretion and determined by relevant business considerations, including the final candidate’s qualifications, years of experience, and skillset. Nuna is an Equal Employment Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability, genetics and/or veteran status.