Job
Description
NationsBenefits is the leading provider of supplemental benefits, flex cards, and member engagement solutions that partners with managed care organizations to provide innovative healthcare solutions designed to drive growth, improve outcomes, reduce costs, and delight members. Our comprehensive suite of innovative supplemental benefits, payments platform, and member engagement solutions help health plans deliver high-quality benefits to their members, addressing social determinants of health and improving member health outcomes and satisfaction. With a compliance-focused infrastructure, proprietary technology systems, and premier service delivery model, we enable our health plan partners to deliver high-quality, valuebased care to millions of members. We offer a fulfilling work environment that attracts top talent and encourages all associates to do their part in delivering premier service to internal and external customers alike. It’s how we’re transforming the healthcare industry for the better. We provide career advancement opportunities within the organization with multiple locations in Florida, California, Pennsylvania, Tennessee, Texas, Utah, and India. You might also like to know that NationsBenefits is also recognized as one of the fastest growing companies in America. We’re proud of how far we’ve come, and a career with us also gives you growth opportunities. Position Overview The Senior Compliance Analyst is responsible for leading the assessment, monitoring, and maintenance of the organization’s internal control environment and compliance efforts related to key regulatory and industry standards, including HITRUST, SOC 2, and PCI DSS. This role will serve as a subject matter expert in audit readiness and compliance reporting, working closely with internal stakeholders, auditors, and assessors to ensure successful certification and audit outcomes. The Senior Compliance Analyst will also play a critical role in control testing, evidence gathering, and issue remediation tracking. Key Responsibilities Regulatory and Framework Compliance Oversight Serve as the internal point of contact for all matters related to HITRUST, SOC 2, and PCI DSS compliance. Coordinate and support the execution of external audits and assessments. Monitor ongoing compliance activities across departments to ensure adherence to regulatory requirements and industry frameworks. Maintain up-to-date knowledge of changes in applicable standards and regulations, proactively updating policies and controls. Internal Controls Monitoring and Testing Conduct routine internal control testing to validate design and operational effectiveness. Document findings, track remediation efforts, and escalate issues where necessary. Collaborate with control owners to ensure proper documentation, process alignment, and control maturity. Manage evidence collection and maintenance for audit readiness throughout the year. Audit Readiness and Execution Own end-to-end preparation for compliance audits including control mapping, pre-audit checks, and facilitating walkthroughs. Partner with internal teams and external auditors to manage audit logistics, request responses, and evidence delivery. Lead corrective action plans in response to audit findings. Policy and Procedure Support Assist in the development, review, and maintenance of compliance-related policies, procedures, and standard operating documents. Ensure controls and practices align with documentation and are consistently applied across the organization. Reporting and Risk Tracking Maintain dashboards and reports tracking control health, audit status, and compliance program KPIs. Support the GRC Director with compliance reporting for internal and external stakeholders. Qualifications Education Bachelor’s degree in information systems, Cybersecurity, Business Administration, or a related field. Master’s degree or equivalent experience preferred. Experience 4–6 years of experience in a compliance, risk, or IT audit role. Hands-on experience supporting HITRUST, SOC 2, or PCI DSS audits. Familiarity with risk assessment, control testing, and remediation tracking processes. Certifications (Preferred) Certified Information Systems Auditor (CISA) HITRUST Certified CSF Practitioner (CCSFP) Certified in Risk and Information Systems Control (CRISC) CompTIA Security+ or similar Skills Strong knowledge of compliance frameworks and internal control principles. Excellent project management and organizational skills. Ability to communicate effectively with both technical and non-technical stakeholders. Comfortable managing multiple priorities in a fast-paced environment. Proficiency with GRC tools and audit management platforms. Key Competencies Attention to Detail: Ability to meticulously validate evidence and control execution. Analytical Skills: Identify compliance gaps and recommend practical solutions. Collaboration: Work cross-functionally to gather evidence and align processes. Accountability: Drive audit preparation and closure of compliance gaps. Adaptability: Stay current with evolving regulatory requirements and apply them effectively
