[Remote] Continuity & Security Assurance Analyst
Note: The job is a remote job and is open to candidates in USA. Government Employees Health Association, Inc. (G.E.H.A) is a nonprofit member association that provides health and dental benefits to federal employees and their families. The Continuity and Security Assurance Analyst supports the Cybersecurity and Information Protection program by executing security, compliance, and business continuity initiatives, ensuring the resilience and security of G.E.H.A’s systems and data.ResponsibilitiesDevelop and execute security, compliance, and risk assessment plans aligned to regulatory requirements, industry standards, and G.E.H.A policiesMonitor security programs and systems, analyze logs and activities, and identify control gaps, anomalies, or areas of elevated riskPerform audits across key control areas, including Data Loss Prevention (DLP), inbound email security/quarantine processes, and user access managementPerform and support periodic user access control reviews, including validation of user entitlements, identification of inappropriate or excessive access, coordination with business owners, and tracking remediation of identified issuesReview and troubleshoot compliance requests to ensure alignment with G.E.H.A security policies, standards, and applicable legal/regulatory requirementsConduct ongoing compliance monitoring activities, including documentation, evidence collection, and remediation tracking for identified issuesEvaluate existing processes and controls, identify areas for improvement, and develop actionable remediation plans to strengthen compliance and security postureSupport internal and external audits by preparing documentation, coordinating responses, and validating control effectivenessCreate, maintain, and enhance security documentation, procedures, and control artifacts to support governance and audit readinessSupport the execution of security awareness and training initiativesContribute to the development and continuous improvement of programs that ensure the availability and resilience of G.E.H.A’s information systems and dataSupport the Business Continuity and Disaster Recovery (BCDR) program, including planning, documentation, testing, and continuous improvement activitiesAssist in the Third Party Risk Management program, including review and analysis of third-party maturity assessments, SOC reports, and HITRUST certificationsMonitor third-party security posture and identify risks, gaps, and opportunities for improvement across G.E.H.A’s vendor ecosystemSkillsBachelor's degree in Computer Science, Information Systems, or a related disciplineThree (3) or more years of experience in Information Technology, Information Security, IT Assurance, Risk Management, Governance, or Business ContinuityEquivalent combinations of education and additional experience may be considered in lieu of formal degree or certification requirementsOne or more industry certifications such as: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC, or similar governance, risk, security, or BCDR certificationsWorking knowledge of governance, risk, and compliance frameworks such as: COSO, COBIT, ITIL, ISO 31000, ISO 27002, ISO 22301, NIST CSF, NIST 800‑53, and SANS Critical Security ControlsExperience with enterprise Governance, Risk, and Compliance (GRC) platforms (e.g., Archer, MetricStream, LockPath, etc.)Proficiency with Microsoft Office applicationsStrong analytical and problem-solving skills with the ability to identify risk and recommend practical solutionsEffective written and verbal communication skills, including the ability to translate technical risks into business-focused languageAbility to build relationships, influence stakeholders, and collaborate across multiple business units and teamsStrong organizational skills with the ability to manage multiple priorities in a fast-paced environmentCustomer service orientation with a focus on delivering high-quality, accurate outcomesEffective presentation and interpersonal skillsMust have the ability to provide a non-cellular High Speed Internet Service such as Fiber, DSL, or cable Modems for a home officeA minimum standard speed for optimal performance of 30x5 (30mpbs download x 5mpbs upload) is requiredLatency (ping) response time lower than 80 msHotspots, satellite and wireless internet service is NOT allowed for this roleA dedicated space lacking ongoing interruptions to protect member PHI / HIPAA informationBenefitsCompetitive pay/salary rangesIncentive planHealth/Vision/Dental benefits effective day one401(k) retirement plan: company match – dollar for dollar up to 4% employee contribution (pretax or Roth options) plus a 6% annual company contributionRobust employee well-being programPaid Time OffPersonal Community Enrichment TimeCompany-provided Basic Life and AD&DCompany-provided Short-Term & Long-Term DisabilityTuition Assistance ProgramHybrid and work-from-home options for many of our rolesCompany OverviewG.E.H.A is one of the largest benefits providers offering medical and dental plans for federal employees, retirees and their dependents. It was founded in 1937, and is headquartered in Lees Summit, Missouri, USA, with a workforce of 501-1000 employees. Its website is https://geha.com/.