Sphise

Compliance Analyst

Sphise
Brazil · Contract · Mid-Senior

Our trusted high-growth healthcare technology partner is seeking a highly skilled Compliance Analyst to join their dynamic team. This innovative company is dedicated to revolutionizing the healthcare industry through cutting-edge technology solutions.


Position Overview:

As a Compliance Analyst, you will be responsible for monitoring, implementing, and maintaining regulatory compliance programs to ensure Lightning Step meets security, privacy, and industry regulations. You will work closely with security, legal, and engineering teams to support audits, assess risks, and maintain compliance with frameworks such as HIPAA, HITRUST, and PCI DSS.


Responsibilities:

  • Regulatory Compliance & Risk Management – Ensure adherence to compliance frameworks (e.g., HIPAA, HITRUST, SOC 2, PCI DSS) by conducting risk assessments and managing compliance documentation.
  • Audit & Certification Support – Assist in preparing for external audits, coordinating evidence collection, and ensuring continuous compliance readiness.
  • Policy Development & Enforcement – Develop, update, and enforce company policies related to security, privacy, and regulatory compliance.
  • Third-Party Risk Management – Assess and monitor vendor security and compliance, ensuring that third-party partners align with regulatory requirements.
  • Incident & Data Privacy Management – Support incident response efforts, ensuring compliance with reporting requirements and data privacy laws.
  • Security Awareness & Training – Assist in developing training materials and conducting security and compliance awareness programs for employees.
  • Compliance Monitoring & Reporting – Track regulatory changes, assess impact on Lightning Step, and ensure timely implementation of necessary adjustments.
  • Security Governance & Documentation – Maintain compliance documentation, including risk registers, policies, and controls, ensuring accuracy and accessibility for stakeholders.


Requirements:

  • Regulatory Expertise – Strong knowledge of HIPAA, HITRUST, SOC 2, PCI DSS, GDPR, or similar compliance frameworks.
  • Audit & Assessment Experience – Experience preparing for internal/external audits, including gathering evidence and ensuring documentation is audit-ready.
  • Risk Management Skills – Ability to identify, assess, and mitigate risks related to security, privacy, and compliance.
  • Policy Development & Governance – Experience writing, implementing, and enforcing policies related to security and regulatory compliance.
  • Third-Party Compliance Oversight – Understanding of vendor risk management, including conducting security questionnaires and managing third-party compliance.
  • Legal & Privacy Knowledge – Familiarity with healthcare regulations, data privacy laws (e.g., GDPR, CCPA), and contract compliance.
  • Technical Understanding – Basic knowledge of security controls, cloud security, and cybersecurity principles to bridge the gap between compliance and technical teams.


Benefits:

  • Competitive salary to recognise and reward your achievements.
  • Flexible work environment.
  • Opportunities for professional and personal growth.

Key Skills

Ranked by relevance

pci dss gdpr dss incident response cloud security cybersecurity hipaa cloud

Posted: Feb 15, 2025
Type: Contract
Level: Mid-Senior
Location: Brazil
Company: Sphise

Industries

Outsourcing Offshoring Consulting

Categories

Legal
