Assurance Analyst (HIPAA), Security

Lyft San Francisco, CA 94118

Posted 2 months ago

At Lyft, community is what we are and it's what we do. It's what makes us different. To create the best ride for all, we start in our own community by creating an open, inclusive, and diverse organization where all team members are recognized for what they bring.

Our drivers and passengers entrust Lyft with their personal information and travel details to get where they're going, and expect us to keep that data safe. Lyft's security team leads efforts across the company to ensure our systems are secure and worthy of our users' trust. The security team designs and builds out Lyft's security architecture, consults with other teams as they build and launch new products and features, and responds to incidents that occur. We're software engineers first, we believe in scaling security through engineering and automation, and we ship frequently. Our work spans the entire company and takes place at all levels of the stack, from infrastructure to web application security, as well as mobile apps and IT.

The mission of this position: Operational responsibility for assuring the organization provably complies with the HIPAA Security Rule.

The right candidate will become Lyft's HIPAA Security Official, responsible for the development and implementation of all policies and procedures necessary to appropriately protect the confidentiality, integrity, and availability of our ePHI related information and the systems that contain ePHI. You'll be responsible for the management and supervision of the security measures we use to protect ePHI data and the conduct of personnel in relation to the protection of ePHI data. You'll work with engineers to drive the automated application and validation of HIPAA related policies and to provide evidence for necessary internal and external audits.

If you want to learn more about the kinds of things we've built, check out our open-source secret management service for AWS users at


  • Ensure our ePHI related information systems comply with all applicable federal, state, and local laws and regulations.

  • Ensure that no information system compromises the confidentiality, integrity, or availability of any other ePHI related information system.

  • Develop, document, and ensure dissemination of appropriate HIPAA related security policies, procedures, and standards for the users and administrators of ePHI related information systems.

  • Ensure that newly acquired ePHI related information systems have features that support required and/or addressable security Implementation Specifications.

  • Coordinate the selection, implementation, and administration of significant ePHI related security controls.

  • Ensure workforce members receive regular ePHI related security awareness and training.

  • Conduct periodic risk analysis of ePHI related information systems and security processes.

  • Develop and implement an effective ePHI related risk management program.

  • Regularly monitor and evaluate threats and risks to ePHI related information systems.

  • Monitor auditing records to identify inappropriate activity regarding ePHI information.

  • Maintain an inventory of all information systems that contain ePHI.

  • Ensure adequate physical security controls exist to protect ePHI.

  • Coordinate with the Data Privacy Team and Privacy Counsel to ensure that security policies, procedures, and controls support compliance with the HIPAA Privacy Rule.

  • Review the HIPAA Security policies and procedures documentation and update on an annual basis.

  • Communicate the HIPAA Security Official's role and responsibility throughout the organization.

  • Retain documentation (e.g. training materials, job description) of the practices in place as evidence of HIPAA compliance.

Experience & Skills:

  • Prior, deep experience with the HIPAA Security Rule

  • Maintenance of a policy library

  • Partnership with both internal and external auditors

  • Computer networking concepts and protocols, and network security methodologies

  • Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy

  • Vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins)

  • Infrastructure security principles and methods (e.g., firewalls, DMZs, encryption)

  • Current industry methods for evaluating, implementing, and disseminating security assessment, monitoring, detection, and remediation tools and procedures utilizing standards-based concepts and capabilities

  • New and emerging IT and cybersecurity technologies

  • Supply chain security and supply chain risk management policies, requirements, and procedures

  • Network security architecture concepts including topology, protocols, components, and principles (e.g., application of defense-in-depth)

  • Assessing security controls based on cybersecurity principles and tenets (e.g., CIS CSC, NIST SP 800-53, Cybersecurity Framework, etc.)

  • Technical writing, knowledge management, technical documentation techniques

  • Preparing and presenting briefings/presentations

  • Communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means

  • Collection, verification, and validation of test data

  • Understand technology, management, and leadership issues related to organization processes and problem solving

  • Interpret and translate customer requirements into operational action

  • Identify critical infrastructure systems with information communication technology that were designed without system security considerations
