Assurance Analyst (Hipaa), Security

Lyft San Francisco , CA 94118

Posted 4 months ago

At Lyft, community is what we are and it's what we do. It's what makes us different. To create the best ride for all, we start in our own community by creating an open, inclusive, and diverse organization where all team members are recognized for what they bring.

Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going, and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust. The security team designs and builds out Lyft's security architecture, consults with other teams as they build and launch new products and features, and responds to incidents that occur. We're software engineers first, we believe in scaling security through engineering and automation, and we ship frequently. Our work spans the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT.

The mission of this position: Operational responsibility for assuring the organization provably complies with the HIPAA Security Rule.

The right candidate will become Lyft's HIPAA Security Official, responsible for the development and implementation of all policies and procedures necessary to appropriately protect the confidentiality, integrity, and availability of our ePHI related information and the systems that contain ePHI. You'll be responsible for the management and supervision of the security measures we use to protect ePHI data and the conduct of personnel in relation to the protection of ePHI data. You'll work with engineers to drive the automated application and validation of HIPAA related policies as well as providing evidence for necessary internal and external audits.

If you want to learn more about the kinds of things we've built, check out our open-source secret management service for AWS users at https://lyft.github.io/confidant.

Responsibilities:

  • Ensure our ePHI related information systems comply with all applicable federal, state, and local laws and regulations.

  • Ensure that no information system comprises the confidentiality, integrity, or availability of any other ePHI related information system.

  • Develop, document, and ensure dissemination of appropriate HIPAA related security policies, procedures, and standards for the users and administrators of ePHI related information systems.

  • Ensure that newly acquired ePHI related information systems have features that support required and/or addressable security Implementation Specifications.

  • Coordinate the selection, implementation, and administration of significant ePHI related security controls.

  • Ensure workforce members receive regular ePHI related security awareness and training.

  • Conduct periodic risk analysis of ePHI related information systems and security processes.

  • Develop and implementing an effective ePHI related risk management program.

  • Regularly monitoring and evaluating threats and risks to ePHI related information systems.

  • Monitor auditing records to identify inappropriate activity regarding ePHI information.

  • Maintain an inventory of all information systems that contain ePHI.

  • Ensure adequate physical security controls exist to protect ePHI.

  • Coordinate with the Data Privacy Team and Privacy Counsel to ensure that security policies, procedures, and controls support compliance with the HIPAA Privacy Rule.

  • Review the HIPAA Security policies and procedures documentation and update on an annual basis.

  • Communicate the HIPAA Security Official's role and responsibility throughout the organization.

  • Retain documentation (e.g. training materials, job description) of the practices in place as evidence of HIPAA compliance.

Experience & Skills:

  • Prior, deep experience with the HIPAA Security Rule

  • Maintenance of a policy library

  • Partnership with both internal and external auditors

  • Computer networking concepts and protocols, and network security methodologies

  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

  • Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)

  • Infrastructure security principles and methods (e.g., firewalls, DMZs, encryption)

  • Current industry methods for evaluating, implementing, and disseminating security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities

  • New and emerging IT and cybersecurity technologies

  • Supply chain security and supply chain risk management policies, requirements, and procedures

  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

  • Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, ect.)

  • Technical writing, knowledge management, technical documentation techniques

  • Preparing and presenting briefings/presentations

  • Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means

  • Collection, verification, and validation of test data

  • Understand technology, management, and leadership issues related to organization processes and problem solving

  • Interpret and translate customer requirements into operational action

  • Identify critical infrastructure systems with information communication technology that were designed without system security considerations

upload resume icon
See if you are a match!

See how well your resume matches up to this job - upload your resume now.

Find your dream job anywhere
with the LiveCareer app.
Mobile App Icon
Download the
LiveCareer app and find
your dream job anywhere
App Store Icon Google Play Icon
lc_ad

Boost your job search productivity with our
free Chrome Extension!

lc_apply_tool GET EXTENSION

Similar Jobs

Want to see jobs matched to your resume? Upload One Now! Remove
Security Center Analyst

Taosmountain

Posted Yesterday

VIEW JOBS 1/16/2019 12:00:00 AM 2019-04-16T00:00 <strong>THIS IS NOT A REMOTE OPPORTUNITY / NO THIRD-PARTY VENDORS</strong><br />  <br /> Taos is immediately hiring a <strong>Security Center</strong> <strong>Analyst </strong>to work with a cutting-edge company in <strong>San Francisco, CA</strong>!<br />  <br /> <strong>Who you are:</strong><br /> You are a passionate Cybersecurity analyst with knowledge of security tools and concepts. You approach challenges with a positive, can-do attitude and creative forensic mindset. Your self-starting nature and eagerness to learn have propelled you in your career. You have an eagerness to challenge the status quo that is balanced by a reasonable and methodical approach to effecting change. You are looking to bring your strong communication and interpersonal skills to an organization that views security as a personal responsibility.<br />  <br /> <strong>What you’ll be doing:</strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Perform monitoring, research, assessment, and analysis on all notable security events within the environment</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Setting and tuning alerting for important events</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Engaging with partners in engineering, IT, and operations to respond to and remediate events</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Identifying opportunities for implementing additional technology controls to create more visibility or defend key points of attack</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Designing visualizations of key sustaining metrics for 24x7 panes of glass</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Solving frontier security problems at scale in a highly technology-focused team</li> </ul>  <br /> <strong>What you’ll bring with you:</strong> <ul> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">At least 2 years of incident detection and response experience</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Strong scripting or relevant programming skills</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Experience with Splunk</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Knowledge of IDS such as SourceFire, FireEye, or PAN Wildfire</li> <li style="padding: 0; margin: 0;" style="padding: 0; margin: 0;">Familiarity with Network Analysis and Endpoint Security</li> </ul>  <br /> <strong>Who is Taos? </strong><br /> Taos is a comprehensive technology services company that simplifies today’s complex digital landscape by providing both strategic and technical guidance while implementing transformative solutions. As part of the nation's technology landscape since 1989, we offer opportunities that will allow you to achieve your career goals and objectives.<br />  <br /> We're changing the face of some of the most innovative companies with our diverse solution offerings, exceptional talent, and thought leadership. Our clients look to us first for advice, insight, and support, driving us to relentlessly focus on customer success.<br />  <br /> <strong>Let’s talk about us: </strong><br /> Some IT professionals watch their careers shoot straight up. Others spend years at one company after another struggling to get noticed and stay on top of developing technologies. If you are looking for a place that puts employees first while staying on the cutting-edge of technology, come to Taos. We’ll immerse you in multiple environments, give you access to the collaboration of a strong technical community, and expose you to innovation as it happens in real-time. With unparalleled adaptability, you have the opportunity to leverage Taos as an employer to be successful.<br />  <br /> <strong>Referrals: </strong><br /> We love referrals so much that we pay for them! If you know someone that you would recommend, send an email to <a href="mailto:referrals@taos.com">referrals@taos.com</a> or <a href="https://www.taos.com/contact-us/">Contact Us</a> and we will do the rest! We'll make sure that you receive the $1000 referral bonus after they are employed with us.<br />  <br /> <strong>Compensation: </strong><br /> Our compensation package includes a competitive salary, medical and dental insurance, 401k, paid vacation, sick time and holiday pay, plus loads of free training (Puppet, Chef, Nagios, LAMP Stack, PMP, ITIL, Python, etc.)!<br />  <br /> <strong>How to apply: </strong><br /> If you’re interested in this position or know someone who is, please email your resume (Word or PDF format) and contact information to <a href="mailto:opportunities@taos.com">opportunities@taos.com</a>.             <br />  <br /> Taos Mountain, LLC is an equal opportunity employer.  All qualified applicants will receive consideration for employment without regard to race, religion, color national origin, sex, age, status as a protected veteran, or status as a qualified individual with disability.<br />  <br /> Veterans are encouraged to apply!<br />  <br /> <strong>E-Verify Participant:</strong><br /> This employer will provide the Social Security Administration (SSA) and, if necessary, the Department of Homeland Security (DHS), with information from each new employee’s Form I-9 to confirm work authorization. Please go to <a href="http://www.taos.com/join-our-team/">http://www.taos.com/join-our-team/</a> and review the E-Verify Participant and Right to Work links for more information.<br /> <br /> #LI-POST Taosmountain San Francisco CA

Assurance Analyst (Hipaa), Security

Lyft