Compliance Analyst

Rally Health, Washington, DC 20319

Posted 2 months ago

Rally Health is all about putting health in the hands of the individual. It's our mission, and it drives everything we do, which is to empower people with easy-to-use online and mobile tools that help them take charge of their health and health care, from improving their diet and fitness to selecting health benefits, and choosing the right doctor at the right price for their needs.

Our culture is built on a deep and sincere dedication to helping people live healthier lives. To do this, we are committed to innovating at every level. As our president and COO David Ko says, "We are a company that continuously innovates. It cannot end. It has to be in everything we do, which means that some of the things we're going to do are not going to work and that's okay. We're not trying to build something that is churn and burn. We're building something that follows consumers over their lifetime."


  • Assists and supports the organization with ongoing testing and monitoring of conformance to the requirements of various compliance standards and legislation.

  • Performs evaluation of internal controls, communications, risk assessments and maintenance of documentation, as it relates to SOC 2 Type 2, HiTrust, HIPAA and NIST.

  • Conducts ongoing internal audits, assessing risk in terms of security controls. Identifies risk and evaluates deficiencies while working with internal departments/business units to appropriately remedy them.

  • Communicates audit results and prepares written documentation/reports, disclosing all significant deficiencies to management.

  • Facilitates internal training on compliance requirements.

  • Conducts ongoing SOC 2 audits, assessing risk in terms of the SOC 2 Trust Services Principles security controls.

  • Identifies risk and evaluates deficiencies while working with internal departments/business units to appropriately remedy them.

  • Communicates audit results and prepares written documentation/reports as it relates to SOC 2, disclosing all significant deficiencies to management.

  • Facilitates internal training on requirements of SOC 2 compliance.

  • Performs other team duties as required.


  • 3-5 years of experience providing support for corporate compliance efforts

  • Experience with SOC 2 Type 2, PCI DSS, HiTrust, Sarbanes Oxley, ISO 27001, Privacy Shield

  • Demonstrated in-depth knowledge of HIPAA compliance and the NIST security framework

  • Experience building and updating corporate IT and security policies and procedures

  • Ability to manage time effectively to meet deliverables when working with different teams in different time zones

  • Highly motivated individual with a focus on accountability and follow-up

  • Excellent written and verbal communication skills

  • Experience with RFI and RFP support is desired

  • Experience with Safe Harbor is also desired

  • Bachelor's degree in related discipline or equivalent experience is a requirement

  • CISM, CISA, CGEIT or CRISC certification is a plus

Why join Rally? On top of a creative work atmosphere and a chance to help people change their lives, we offer competitive pay, daily catered lunches, and an extensive benefits package for all full-time employees (including medical, dental, vision and 401(k)). In addition, we offer the ability to grow while truly making an impact in the healthcare system.

Rally Health is committed to ensuring that its workforce reflects America's diverse population. Rally Health knows that such diversity will enrich us with the talent, energy, perspective and inspiration it needs to achieve its mission. Rally Health believes in a policy of equal employment and opportunity for all people based on merit and dedication to the principles of diversity. It is our policy to recruit, hire, train, and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.

Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application and/or review process should notify Talent Acquisition (

Similar Jobs

FISMA Compliance Analyst

Marcelle Consultants, Washington, DC

Posted 1 week ago

Marcelle Consultants is seeking a security professional with experience performing FISMA compliance for the federal government. The Information System Security Officer (ISSO) is responsible for Security Authorization activities for Marcelle's client in accordance with the National Institute of Standards and Technology (NIST) 800 series. A successful candidate will manage tasks related to the planning and preparation of security documentation for the system authorization process. The individual should have a strong background in NIST 800-37, the Risk Management Framework and NIST 800-53 security controls.

Specifically, the ISSO will be responsible for the following:

  • Develop and update the information system security documentation (Security Plan, Contingency Plan, Contingency Plan Test, Business Impact Analysis, FIPS-199, eAuthentication, Privacy Threshold Analysis, etc.)

  • Coordinate the remediation of Plan of Action and Milestones (POA&M) findings with various groups

  • Facilitate and support the Ongoing Authorization Program

  • Effectively communicate technical information to non-technical personnel

  • Carry out Information System Security Officer responsibilities, including the approval of change requests, the review of audit logs, the review of system accounts, and the analysis of vulnerability scans

  • Develop waivers and exceptions for information system vulnerabilities

  • Work with the clients to develop capabilities briefings and presentations

  • Provide security recommendations to the Risk Management Branch Chief

Requirements

Candidate must have:

  • Associate's degree or higher

  • A Secret-level security clearance

  • 3-5 years of experience in the field of information security

  • Knowledge of security tools, security architecture, and NIST security standards and compliance measurements

  • Experience in the application of FISMA guidelines, including NIST Special Publications 800-18, 800-30, 800-37, 800-39, 800-53, 800-53A, and 800-60

  • Understanding of the NIST supplemental guidance for Ongoing Authorization

  • Strong writing and communication skills
