Data Protection &IT Compliance Analyst - remote

Posted 2 years ago

Fullscript helps people get better. It's at the core of everything we do. As the leading platform for prescribing integrative health products, our work positively impacts millions of lives everyday. Our purpose extends well beyond our platform. As a health company, we are committed to the wellbeing of our team members. We are building an organization where people thrive, grow, and have a high impact through their work.

By joining us, you stand with our purpose. You are an independent thinker, who likes to leave things better than you found them. You do things not because they are easy but because they are right. Ready to make an impact?

We are looking for a Data Protection and IT Compliance Analyst to join our team. As a member of the IT team, you will work closely with key stakeholders and the Data Protection &IT Compliance Lead to monitor information systems cybersecurity, including supporting disaster recovery, database protection and software development. You will assist in ensuring all applications are functional and secure and ensure compliance with information systems security standards and best practices.

What you'll do

    • Compliance Monitoring - Monitor and track execution for the company’s required IT audits, penetration testing, and required certifications and recertifications.
    • Security Standards - Assist the Data Protection &IT Compliance Lead and/or others in the gap analysis of the Company’s security framework, and execute on security projects to close gaps in security posture.
    • Data Protection Initiatives - Review and edit policy and standards for the company data points which can be shared with various entities outside the company including practitioners, vendors, suppliers, and consumers.
    • Assist in the implementation and monitoring of data leak protection rules utilizing the capabilities available within the GSuite Enterprise Edition.
    • Perform company wide data exposure analysis by department.
    • Roll out measures to ensure adequate response in the event of a data breach.
    • IT Governance - Assist in the analysis of existing IT policies and procedures. Assist in developing any existing IT policies and procedures to ensure alignment with business requirements and the company’s strategic objectives.
    • Review any and all policies and procedures on at least an annual basis, under the supervision of the Data Protection &IT Compliance Lead
    • Implement changes requested by the lead or other department management
    • Liaise with other departments to ensure team members are trained on compliance initiatives

What you bring to the table

    • Bachelors degree in Computer Science or Computer Information Systems
    • Currently hold or be in the processes of obtaining one or more of the following certifications;CCSP, CCNA Security, Security+, NIST Cybersecurity Framework Certification
    • 1 or more years of experience working in a data protection and/or IT compliance related capacity
    • Experience working with policy and compliance training
    • Experience working in a regulated industry (Healthcare preferred)
    • Familiarity working with requirements of security frameworks such as HIPAA, PCI DSS, NIST Cybersecurity Framework, HITRUST, ISO 27000 Series, SOC2-1
    • Exceptional presentation and writing skills
    • Ability to consistently report on project status and assist in tracking large scale undertakings
    • Well-developed interpersonal skills with the ability to interact effectively with teammates at all organizational levels
    • Knowledge of Information Technology and Data Management Systems
    • Ability to handle confidential and sensitive information with appropriate discretion
    • Solid project and change management skills
    • Ability to identify and follow alternative methods to reach goals and implement solutions

What we can offer you

    • Generous PTO and competitive pay
    • Fullscript’s RRSP match program for financial health
    • Flexible benefits package and workplace wellness program
    • Training budget and company-wide learning initiatives
    • Discount on Fullscript catalog of products
    • Ability to work Wherever You Work Well*

*Our Wherever You Work Well philosophy means Fullscript teammates get to pick their own office —whether that’s in-office, at home, or a bit of both.

Fullscript is committed to diversity in its workforce and is proud to be an equal opportunity employer. We are excited to work with talented people, period. All employment decisions are based on business needs, job requirements, and individual qualifications, without regard to race, color, religion or belief, national or ethnic origin, gender, age, disability, sexual orientation, gender identity and/or expression, marital or civil status, political affiliation, family or parental status, or any other status protected by the laws or regulations in the jurisdictions in which we operate.

Accommodations are available on request for candidates taking part in all aspects of the selection process. Please send an email to accessibility@fullscript.com and let us know the nature of your request and your contact information.

Our team handles both personal information and personal health information, which means candidates that receive and accept employment offers must undergo a background check.

Want to learn more? Check us out at www.fullscript.com/careers, find us on social media, or check out our culture guide.