Easter Seals Jobs

Position Overview

We are currently seeking a Project Analyst to support Labcorp’s privacy program, with particular focus on the information security compliance programs of Labcorp’s subsidiary Ovia Health. This position is within Labcorp’s Privacy Office, which is part of Labcorp’s Corporate Compliance Department. This is a full-time position. This position is located in Bengaluru, India. The position will report to and interact with the Labcorp privacy team located in the United States and Europe.

The Project Analyst supports the Ovia Health information security compliance function and administers Ovia Health’s annual Type 2 SOC 2 and HITRUST audits. The position also supports privacy and compliance activities across Labcorp to mitigate risk and ensure compliance with ethical and regulatory standards imposed by applicable state and/or federal laws and regulations, including GDPR, HIPAA and state privacy laws.

The Project Analyst should possess or develop a working knowledge of information security controls required by standards such as SOC2, HITRUST, NIST and ISO and be or become familiar with the evidence submitted to demonstrate compliance with such standards. The Project Analyst should understand software development and information security concepts and terminology. The Project Analyst will have a demonstrated ability to understand information flows and the ability to acquire a general understanding of the IT systems and tools used by Ovia Health’s engineering department.

The Project Analyst coordinates the conduct of Ovia Health’s information security audits. The Project Analyst liaises with the outside auditors, schedules audits, and manages the collection of evidence from Ovia Health internal resources. The Project Analyst performs regular information security compliance administration, including documenting grants of system access and termination and actions taken in regular information security meetings. The Project Analyst coordinates Ovia Health vendor reviews. The Project Analyst helps to ensure privacy and information security forms, policies, standards, and procedures are current, documented and followed. Collaborates with the Office of Information Security (OIS) for alignment of security and privacy compliance policies, procedures, and investigations.

Essential Functions

Information Security Certifications and Audits

• Coordinates Ovia Health information security audits. Liaises with the outside auditors, schedules audits, and manages the collection of evidence from Ovia Health internal resources and submission to auditors through online portals. Reviews evidence so that evidence meets necessary audit requirements. Ensures that regular internal procedures to produce audit evidence are followed. Participates in monthly and quarterly meetings to verify production of evidence.

Compliance

• Supports administration of information security-related policies and procedures. Documents necessary actions to support compliance. Supports and collaborates with other members of the Privacy Office on implementing programs to monitor compliance with regulations and organizational standards related to patient and member privacy. Identifies compliance issues that require follow-up or investigation.

Risk Management

• Manages Ovia Health vendor reviews through the Labcorp Enterprise Third Party Risk Management process; reports to internal stakeholders ensuring all relevant information has been provided for vendor review; follows up to ensure vendor reviews are occurring in a timely manner.

• Assists and collaborates with other members of the Privacy Office and Office of Information Security (OIS) on implementing risk management strategies, including models or methodologies of administrative, physical and technical measures to prevent, control or reduce identifiable risks based on assessment of operations and vulnerabilities with patient privacy and security of protected health information (PHI). Helps to devise systems to monitor validity of risk assessments, to develop contingency plans to mitigate risk, and to cooperate with internal stakeholders and auditors regarding Labcorp’s privacy program.

Customer Relations

• Maintains a comprehensive knowledge of Ovia Health information security controls; responds to client questionnaires and questions about information security at Ovia Health; as appropriate and when time zone permits, participate in telephone calls with clients to describe Ovia Health information security controls.

Policy and Procedure Development

• Participates in annual reviews of policies and procedures. Aids in the development and implementation of policies and procedures related to privacy and information security compliance throughout the Labcorp enterprise. Documents and communicates policies and procedures, established protocols related to reporting (internal systems and external regulatory bodies).

Communication and Training

• Supports the Privacy Team with communications, monitoring, and enforcement of compliance standards. Helps in the updating of employee training on privacy and security related topics, policies, or procedures. As timezones permit, delivers refresher and introductory information security training to Ovia Health personnel being onboarded.

Requirements

Our ideal candidate will have:

• Degree from accredited college or university

• Fluency in spoken and written English

• Five+ years of work experience

• Two to three years’ experience with information security audits such as SOC2, HITRUST or similar standards

• Two to three years’ experience providing support to US-based information security and/or privacy compliance functions

• Background in or familiarity with software development and/or information security, knowledge of software and security concepts and customary policies and procedures

• Project management skills so that projects are efficiently managed, follow-up actions are performed, and mistakes are corrected

• Excellent attention to detail

• Patience to perform regular checks of internal processes and capture evidence

• Ability to communicate with internal team members and with customers

• Ability to participate in conference calls on US Eastern time (mornings)

• Familiarity with the cloud services and tools offered by Amazon Web Services preferred

• Certification(s) in privacy and security compliance preferred

Labcorp is proud to be an Equal Opportunity Employer:

As an EOE/AA employer, Labcorp strives for diversity and inclusion in the workforce and does not tolerate harassment or discrimination of any kind. We make employment decisions based on the needs of our business and the qualifications of the individual and do not discriminate based upon race, religion, color, national origin, gender (including pregnancy or other medical conditions/needs), family or parental status, marital, civil union or domestic partnership status, sexual orientation, gender identity, gender expression, personal appearance, age, veteran status, disability, genetic information, or any other legally protected characteristic. We encourage all to apply. If you are an individual with a disability who needs assistance using our online tools to search and apply for jobs, or needs an accommodation, please visit our accessibility siteor contact us at Labcorp Accessibility .

For more information about how we collect and store your personal data, please see our Privacy Statement (https://www.labcorp.com/about/web-privacy-policy) .