Sr. IT Risk Management & Compliance Analyst:
Castlight Health is looking for a Sr. IT Risk Management & Compliance Analyst to join our Governance, Risk, and Compliance (GRC) team and assist with strengthening the compliance program. The ideal candidate has a basic understanding of the IT aspects of SOC 2 and HITRUST compliance and experience working with control owners to design, implement, test, and report on control activities. The position will focus primarily on supporting our current SOC 2 and HITRUST compliance by driving consistent processes across in-scope systems. This position requires a self-starter with a positive and growth-focused mindset, and someone looking to be an agent of change.
This position can be remote but with an expectation to travel to San Francisco, CA or Sandy, UT periodically.
Castlight Health, Inc. offers a comprehensive software-as-a-service platform that simplifies health benefits navigation for millions of employees. Our platform matches employees to the best resources their employers make available to them – whether they are healthy, actively seeking medical care, or managing a condition – and motivates them to take the best steps for their health. Castlight helps employers generate more value from their benefits investments by helping to improve outcomes, lower health care costs, and increase benefits satisfaction.
- Coordinate with external auditors for SOC 2 and HITRUST audits. This includes leading process walkthroughs, gathering control evidence and managing the audits from planning to reporting.
- Create and/or remediate SOC 2 and HITRUST controls in support of meeting audit objectives.
- Review IT process, controls, and other related project documentation in close coordination with various stakeholders/GRC Manager.
- Design IT testing procedures to identify and evaluate risk exposures and determine the effectiveness and efficiency of controls.
- Assist with the creation of effective remediation solutions and/or exception documentation where applicable.
- Serve as a subject matter expert and point of contact to internal stakeholders and external auditors.
- Assist with the successful completion of the quarterly UAR (User Access Review) audit process.
- Assist in other compliance activities as assigned.
Who You Are:
You’re someone who wants to influence your own development. You’re looking for a company where you have the opportunity to pursue your interests across functions. You’re looking to make an impact quickly and be able to dictate your career. Where a job title is not considered the final definition of who you are, but the starting point.
- Bachelor’s degree in Accounting, Business, Information Technology or Computer Science preferred or equivalent experience.
- Minimum of 3-5 years of related work experience in IT Audit, IT Compliance, or IT Risk Management
- Demonstrated experience in assisting or being the subject of SOC 2 and HITRUST evaluations including planning, scoping, execution, and reporting of audit programs.
- Strong understanding of SOC 2, HITRUST, and management’s responsibilities
- Experience with IT external attestation standards, such as ISO 27001, HIPAA, SIG, and SOX a plus
- Ability to take ownership and be effective with limited supervision
- Ability to produce high quality policy documentation and reporting for management
- Effective at engaging with teams in various functions and across different levels
- Strong organizational skills and ability to prioritize and manage multiple projects simultaneously
- Excellent analytical and written skills
- Understanding of common SaaS applications supporting financial business processes (e.g. Workday, NetSuite, Salesforce)
- Understanding of modern application development
- Previous auditing experience as an external auditor a plus (Big 4, national, regional public accounting firms)
One team. On a mission. Making things happen.
Diversity and Inclusion:
The Castlight culture values and celebrates different backgrounds, perspectives, and points of view. We believe our diversity helps drive creativity and innovation. We strive to make everyone feel included, valued, and engaged; enable them to do their best work; and build their careers here at Castlight. That is why diversity and inclusion are more than just words to us. Rather, they are a commitment to a culture where employees feel respected and empowered to share their ideas and deliver the best results.
Learn more about our continuing commitment to diversity and inclusion.
Castlight is on a mission to make it as easy as humanly possible to navigate healthcare and live happier, healthier, more productive lives. Our health navigation platform connects with hundreds of health vendors, benefits resources, and plan designs, giving rise to the world’s first comprehensive app for all health needs. We guide individuals—based on their unique profile—to the best resources available to them, whether they are healthy, chronically ill, or actively seeking medical care. In doing so, we help companies regain control over rising healthcare costs and get more value from their benefits investments. Castlight revolutionized the healthcare sector with the introduction of data-driven price transparency tools in 2008 and the first consumer-grade wellbeing platform in 2012. Today, Castlight serves as the health navigation platform for millions of people and is a trusted partner to many of the largest employers in the world. We are headquartered in San Francisco and can be found online at www.castlighthealth.com.
Castlight Health provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Castlight Health will provide reasonable accommodations for qualified individuals with disabilities.