Risk & Compliance Analyst

Overview: The Risk and Compliance Analyst is internal to Inovalon a part of the Enterprise Risk and Compliance department that partners with Technology, business groups, and project teams to perform risk and compliance activities for applications, infrastructure, and vendor third parties.   In addition, this position supports enterprise security, risk, and compliance initiatives that improve Inovalon’s security posture, management control systems, liaises with the company's external audit firm, and helps foster an appreciation for a strong control environment across the organization. Candidate must be able to build working relationships and drive change with various levels of management on an enterprise scale, and be able to articulate how assessment results translate to business risk for the organization.

Duties and Responsibilities:

• Participant in cross functional teams and business groups for enterprise risk and compliance projects;


• Identify, document, test, assess, and remediate potential IT risk areas and inquiries of applications, business processes, requirements are integrated into Inovalon products and information systems and other departments as needed;


• Support the departments execution and delivery of  risk-based IT assessments and SOC compliance activities; - Perform reviews such as data integrity, Information security risk assessments, technical compliance reviews, third party vendor in conjunction with HIPPA vendor management program;


• Prepare deliverables/reports for review by the Risk and Compliance management and senior leadership that include issues, trends and other micro/macro level risks identified through the execution of IT internal control work and other assurance-related activities;


• Creates compliance documents or project artifacts in standard situations; identifies root causes of risk, security, and/or compliance incidents that arise, solve and escalate as necessary to resolve them;


• Develop and utilize collaborative networks with key contacts within and outside of their immediate organization; and


• Assist with department response to prospective client Request for Proposal (RFP), periodic client inquiries and control assessments, and other third party inquiries.


• Maintain compliance with Inovalon’s policies, procedures and mission statement;


• Adhere to all confidentiality and HIPAA requirements as outlined within Inovalon’s Operating Policies and Procedures in all ways and at all times with respect to any aspect of the data handled or services rendered in the undertaking of the position; and


• Fulfill those responsibilities and/or duties that may be reasonably provided by Inovalon for the purpose of achieving operational and financial success of the Employer.

Job Requirements:

• Security / Audit-related certifications preferred, such as CISA, CISSP, CRISC;


• 2+ years of experience collaborating in teams and working within the areas of Internal Audit, Technology Governance, Risk Assurance, and/or Internal Controls. Healthcare industry experience is a plus;


• Familiarity with COSO/COBIT internal control framework a plus; and


• An in-depth understanding of core information technology processes and controls, current trends in corporate information technology and emerging themes in the market place.

Education:

• Bachelor’s degree in Business, Technology, and/ or equivalent work experience;

Physical Demands and Work Environment:

• Sedentary work (i.e. sitting for long periods of time);


• Exerting up to 10 pounds of force occasionally and/or negligible amount of force;


• Frequently or constantly to lift, carry push, pull or otherwise move objects and repetitive motions;


• Subject to inside environmental conditions; and


• Travel for this position will include less than 5% locally usually for training purposes.