IT Security Analyst, QuadMed

About The Company
QuadMed was founded with a mission to revolutionize healthcare delivery by providing accessible, high-quality, and affordable health services directly within the workplace. Inspired by Harry Quadracci’s vision in 1991, the company has grown over three decades into a leading partner for employers nationwide, dedicated to removing barriers related to cost, access, and quality of healthcare. Our innovative approach emphasizes building meaningful relationships between healthcare providers and patients, fostering healthier and happier communities. We are committed to transforming healthcare into a more efficient, compassionate, and patient-centered experience, aligning our purpose with the needs of our clients and their employees.
About The Role
We are seeking a highly motivated and detail-oriented IT Security Analyst to join our dynamic QuadMed IT team. This is a remote position with occasional travel requirements, offering the opportunity to contribute significantly to our organization’s security and compliance initiatives. The IT Security Analyst will work closely with the Director of Information Security and Compliance to develop, implement, and monitor security protocols that safeguard our data and systems. The role involves conducting audits, assessing risks, and collaborating across departments to ensure adherence to regulatory standards such as HIPAA, SOC2, PCI, and others. The ideal candidate will possess a strong understanding of healthcare security regulations, risk management, and auditing techniques, with a passion for continuous learning and process improvement.
Qualifications
The ideal candidate will hold a Bachelor's Degree from an accredited four-year college or university in business, healthcare, information technology, security, or a related field. A minimum of one year of experience in a healthcare setting, particularly in roles related to HIPAA, privacy, security, or audit/compliance, is preferred. Certifications in healthcare compliance, privacy, security, health information management, risk management assurance, internal auditing, or Epic Systems are advantageous. Candidates should demonstrate a solid understanding of healthcare laws and regulations, electronic health record systems, and risk management principles. Excellent analytical, problem-solving, and communication skills are essential, along with the ability to work independently and collaboratively. A commitment to maintaining confidentiality, integrity, and trust is paramount, and the ability to adapt to evolving security landscapes is highly valued.
Responsibilities

• Conduct thorough reviews of organizational and functional activities to evaluate the effectiveness of IT security controls, including IT General Controls, Splunk, Nessus, and third-party assessments.
• Perform regular audits and participate in special projects aimed at enhancing systems, reducing organizational risks, and ensuring compliance with standards such as HIPAA, SOC2, PCI, and others.
• Develop and maintain risk and threat matrices to monitor organizational risks and track mitigation efforts through scorecards, security reports, and vulnerability tracking tools.
• Coordinate and assist with third-party audits and assessments, including HIPAA, risk, disaster recovery, PCI, and SOC2 evaluations.
• Assist with security risk assessments for current and prospective third-party vendors, ensuring compliance with industry standards and internal policies.
• Collaborate with various departments to implement process improvements or remediation activities based on audit findings and risk assessments.
• Utilize reporting tools to identify suspicious user behaviors, such as unauthorized access, irregular activity, or account lockouts, and take appropriate action.
• Maintain comprehensive documentation, reports, and records related to security activities, audits, and compliance efforts, supporting organizational transparency and accountability.
• Coordinate employee education, awareness, training, and testing initiatives, including phishing simulations and insider threat programs.
• Continuously seek knowledge of emerging automated auditing and monitoring techniques to enhance departmental efficiency and effectiveness.
• Review and update system documentation, security policies, and procedures to ensure alignment with current standards and best practices.
• Perform additional duties as assigned to support departmental initiatives and the strategic goals of the organization.

Benefits
QuadMed offers a comprehensive benefits package to eligible employees, including competitive 401(k) plans, paid holidays, vacation time, and additional wellness programs. We prioritize employee well-being and development, providing opportunities for continuous learning and career growth within a supportive environment. Our benefits are designed to promote work-life balance and foster a culture of inclusion and respect, ensuring our team members feel valued and empowered. As part of our commitment to a healthy workplace, we also support initiatives that enhance employee health, safety, and overall job satisfaction.
Equal Opportunity
QuadMed is an equal opportunity employer committed to fostering an inclusive and diverse workforce. We do not discriminate on the basis of race, religion, color, national origin, disability, gender, gender identity, sexual orientation, age, marital status, veteran status, genetic information, or any other protected characteristic under applicable law. We are dedicated to creating a workplace where all employees feel valued, respected, and able to contribute fully. Additionally, QuadMed maintains a drug-free workplace environment, ensuring a safe and productive space for everyone.