
Security Risk and Compliance Analyst

The Rawlings Group
life insurance, parental leave, paid holidays, tuition reimbursement, 401(k)
United States, California, Roseville
Apr 02, 2025
Job Details
Job Location: California Office - Roseville, CA
Remote Type: Fully Remote
Position Type: Full Time

Description

Who We Are

Machinify is a leading healthcare intelligence company with expertise across the payment continuum, delivering unmatched value, transparency, and efficiency to health plan clients across the country. Deployed by over 60 health plans, including many of the top 20, and representing more than 160 million lives, Machinify brings together a fully configurable and content-rich, AI-powered platform along with best-in-class expertise. We're constantly reimagining what's possible in our industry, creating disruptively simple, powerfully clear ways to maximize financial outcomes and drive down healthcare costs.

Location: This role is fully remote

About the Opportunity

At Machinify, we're building a robust security program to protect our clients' sensitive healthcare data and maintain the highest standards of information security. As part of the Security team, you will help implement and maintain critical security controls across our organization. This role involves governance, risk management, compliance activities, customer security assurance, and third-party risk assessment, with a focus on protecting our infrastructure, applications, and data. As a Security Risk and Compliance Analyst, you will leverage your expertise in security frameworks, risk assessment, and compliance to help safeguard our systems while working closely with cross-functional teams to ensure consistent delivery of secure solutions.

What you'll do



  • Manage customer security assurance processes, including responding to security questionnaires and providing documentation to customers
  • Conduct third-party risk assessments to evaluate the security posture of vendors and partners
  • Create, review, and maintain security policies and procedures to align with industry best practices
  • Support audit and compliance activities for SOC2 and HITRUST certifications
  • Facilitate governance processes, including communication with company leadership and governance groups
  • Develop and deliver security awareness training programs for employees
  • Coordinate and execute periodic access reviews across systems and applications
  • Track and report on security metrics and compliance status to leadership
  • Support risk assessment activities and remediation tracking
  • Assist with security documentation for regulatory requirements
  • Participate in security incident response when needed

Qualifications

What experience you bring (Role Requirements)



  • Bachelor's degree in Information Security, Compliance, Risk Management, or related field, or equivalent work experience
  • 3+ years of experience in information security, governance, risk, and compliance (GRC)
  • Strong understanding of security frameworks such as NIST, ISO 27001, HITRUST, and SOC2
  • Experience with healthcare compliance requirements (HIPAA)
  • Knowledge of third-party risk management processes and vendor security assessments
  • Familiarity with security policies and procedures development
  • Experience with customer security assurance processes
  • Security certification preferred (CISSP, CISM, CISA, or similar)
  • Strong analytical and documentation skills
  • Excellent communication abilities for cross-functional collaboration and customer interactions


Expectations



  • Maintain security best practices and contribute to continuous improvement of security controls
  • Collaborate effectively with internal teams and external stakeholders
  • Manage multiple priorities in a fast-paced environment
  • Stay current with evolving security and compliance requirements


Success Criteria for the First 3 Months

Understanding the Role



  • Develop strong knowledge of Machinify's security policies, compliance requirements, and risk management processes
  • Understand business objectives and regulatory landscape for healthcare payment integrity


Building Relationships



  • Establish effective communication with IT, development, compliance, and business teams
  • Actively participate in security and governance meetings
  • Build collaborative relationships with key stakeholders


Time and Priorities Management



  • Learn to effectively prioritize customer security requests and compliance activities
  • Successfully complete assigned security documentation projects with minimal guidance
  • Develop efficient workflows for routine compliance tasks


Feedback and Growth



  • Incorporate feedback from team leads to improve security governance
  • Demonstrate willingness to learn new security frameworks and compliance requirements


Confidence and Comfort



  • Gain confidence in handling customer security questionnaires independently
  • Become comfortable with compliance tools and processes


Success Criteria for the First Year

Mastery of Responsibilities



  • Demonstrate expertise in security compliance and risk management
  • Consistently deliver high-quality security documentation and assessments
  • Contribute to improving security governance processes


Building a Strong Network



  • Establish yourself as a trusted advisor for compliance and risk matters
  • Effectively collaborate across departments to address security concerns


Greater Responsibility



  • Take ownership of specific compliance domains or risk management initiatives
  • Contribute to security policy decisions and risk assessments


Career Progression and Development



  • Obtain relevant security or compliance certifications
  • Share knowledge and mentor other team members
  • Contribute to security program documentation and process improvements


Recognition and Trust



  • Become a reliable resource for compliance guidance and customer security assurance
  • Demonstrate leadership in governance initiatives and projects


Pay range: $75,000 - $105,000

This is an exempt position. For Salary positions only: The salary range is for Base Salary. Compensation will be determined based on several factors including, but not limited to, skill set, years of experience, and the employee's geographic location.

What's in it for you



  • PTO, Paid Holidays, and Volunteer Days
  • Eligibility for health, vision and dental coverage, 401(k) plan participation with company match, and flexible spending accounts
  • Tuition Reimbursement
  • Eligibility for company-paid benefits including life insurance, short-term disability, and parental leave
  • Remote and hybrid work options
  • Support for security certifications and professional development


At Machinify, we're reimagining a simpler way forward. This begins with our employees. We are innovators who value integrity, teamwork, accuracy, and flexibility. We do the right thing, and we listen to the needs of our clients and their members. As tenured experts with unmatched experience, we champion diverse perspectives that help us to better understand and serve our clients.

Our values come to life through our culture. We embrace flexible working arrangements that allow our employees to bring innovation to life in the way that best suits their productivity. We work cross-functionally, abandoning silos, to bring innovative, accurate solutions to market. We invest in each other through ongoing education and team celebrations, and we give back to our communities through dedicating days for volunteering. Together, Machinify is making healthcare work better for everyone, and we're passionate about a future with better outcomes for all.

We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender, gender identity or expression, or veteran status. We are proud to be an equal opportunity workplace. Machinify is an employment at will employer.
