Sr. Compliance Analyst
At GoodRx, we believe that all Americans should have access to convenient and affordable healthcare. As a nation, we spend about $3.5 trillion annually on our healthcare, but too many Americans struggle to get the care they need, and prices just keep rising. Our marketplaces for prescription medicines and telehealth have helped Americans save $20 billion since 2011. GoodRx is a profitable business funded by top-tier investors; we're based in Santa Monica with additional offices around the country. We're a low-key and tight-knit group that likes to find new ways to fix big problems. If you share our belief that you can do well by doing good, let's talk.
We’re committed to growing and empowering a more inclusive community within our company and industry. That’s why we hire and cultivate diverse teams of the best and brightest from all backgrounds, experiences, and perspectives. We believe that true innovation happens when everyone has room at the table and the tools, resources, and opportunity to excel.
About the Role
We are looking for someone with a strong IT audit experience and background in the technical implementation of SOC2, ISO 27001 or SOX-404. As our Senior Analyst, you will support compliance initiatives by engaging various process owners in the design, documentation, implementation, and monitoring of the appropriate IT controls in our computing environments and demonstrating those controls to external auditors. This position will report into the Manager of Compliance.
Responsibilities
- Auditing of complex IT and Security environments and serving as the staff on audits.
- Performing risk assessments and audits with limited supervision from management.
- Capturing and analyzing information to identify key risks and corresponding controls.
- Systematically testing and evaluating controls to verify efficiency and effectiveness of operation, reliability of information and compliance with applicable laws and regulations.
- Communicating findings and recommendations to management.
- Documenting risk assessment and audit work.
- Assist with SOC 2 and other external audits.
- Following-up and implementing corrective actions.
- Identifies internal control standard methodologies and promotes their adoption across the enterprise.
- Deliver training to other members of the company on policies and procedures.
- Lead security audit projects using appropriate methodologies.
Skills & Qualifications:
- Experience in IT regulation and compliance standards such as SOC 2, ISO 27001, SOX-404, HIPAA, and PCI.
- Minimum of 3 years’ experience in an audit or compliance role.
- Understanding of IT methodologies, such as software development lifecycle and operations.
- Ability to understand complex technical environments.
- Excellent oral, written and presentation communication skills
- Bonus Points - CISA certification, Experience working for a company in the technology or healthcare industry, Experience working in Amazon Web Services and Google Cloud environments a plus.
GoodRx is America's healthcare marketplace. The company offers the most comprehensive and accurate resource for affordable prescription medications in the U.S., gathering pricing information from thousands of pharmacies coast to coast, as well as a telehealth marketplace for online doctor visits and lab tests. Since 2011, Americans with and without health insurance have saved $20 billion using GoodRx and 15 million consumers visit goodrx.com each month to find discounts and information related to their healthcare. GoodRx is the #1 most downloaded medical app on the iOS and Android app stores. For more information, visit www.goodrx.com.