CERIS IT Compliance Analyst

The IT Compliance Analyst supports the organization’s compliance and risk management programs by coordinating assessments, audits, and certifications across frameworks such as HITRUST, SOC, HIPAA, and NIST. This role helps maintain a strong IT compliance posture by managing evidence, monitoring control performance, maintaining documentation, and partnering closely with IT, Security, Privacy, Legal and external auditors. The Analyst also contributes to continuous improvement efforts, compliance automation initiatives, and reporting that supports leadership visibility and informed decision-making.

Key Responsibilities

Assessment & Audit Support

• Coordinate internal and external compliance assessments, audits and certifications.
• Prepare, organize, and manage evidence to meet control and audit requirements.
• Track remediation activities and ensure timely closure of identified gaps.
• Maintain audit-ready documentation and support readiness reviews.
• Additional duties as assigned

Compliance Program Management

• Support development and maintenance of compliance frameworks, policies, and procedures.
• Monitor regulatory and framework changes, updating controls and documentation as needed.
• Participate in risk assessments and control evaluations to identify opportunities for efficiency, automation and continuous improvement.
• Conduct and/or support periodic control testing and continuous monitoring to validate control effectiveness and compliance readiness.
• Contribute to compliance metrics, dashboards and trend reporting for leadership visibility.

Collaboration & Communication

• Partner with IT, Security, Privacy, Legal and Operations to ensure consistent compliance practices.
• Collaborate with Privacy and Data Governance teams to ensure alignment with HIPAA, CCPA, GDPR and other data protection regulations.
• Communicate compliance requirements, audit findings and remediation progress clearly to stakeholders at all levels.
• Support awareness and training initiatives promoting compliance and data protection.
• Promote a culture of accountability and continuous improvement.

Qualifications

• Bachelor’s degree in Business Administration, Risk Management, Healthcare Administration, Legal/Paralegal Studies, Information Security or related field (or equivalent experience).
• 2–5 years of experience in compliance, audit, or information security.
• Working knowledge of regulatory frameworks (HITRUST CSF, SOC, HIPAA).
• Familiarity with healthcare regulatory authorities and governance areas (CMS, HHS, OCR, OIG).
• Experience coordinating audits and managing evidence requests across diverse teams.
• Strong organizational, analytical, and communication skills; detail-oriented and adaptable.

Preferred Skills

• Experience supporting HITRUST certification or readiness assessments.
• Collaboration with legal teams and practices including regulations, policies and contracts.
• Familiarity with GRC tools (e.g., Archer, ServiceNow GRC, ProcessUnity, OneTrust).
• Utilization of compliance automation tools (e.g., Conveyor, Drata, Vanta, Winify AI).
• Certifications such as HITRUST CCSFP, CISA, CISM, CRISC, CGEIT, or CISSP.

PAY RANGE:

CorVel uses a market based approach to pay and our salary ranges may vary depending on your location. Pay rates are established taking into account the following factors: federal, state, and local minimum wage requirements, the geographic location differential, job-related skills, experience, qualifications, internal employee equity, and market conditions. Our ranges may be modified at any time.

For leveled roles (I, II, III, Senior, Lead, etc.) new hires may be slotted into a different level, either up or down, based on assessment during interview process taking into consideration experience, qualifications, and overall fit for the role. The level may impact the salary range and these adjustments would be clarified during the offer process.

Pay Range: $59,681 – $96,123

A list of our benefit offerings can be found on our CorVel website: CorVel Careers | Opportunities in Risk Management

In general, our opportunities will be posted for up to 1 year from date of posting, or until we have selected candidate(s) to fulfill the opening, whichever comes first.

About CERIS

CERIS Inc., a division of CorVel Corporation, a certified Great Place to Work® Company, offers incremental value, experience, and a sincere dedication to our valued partners. Through our clinical expertise and cost containment solutions, we are committed to accuracy and transparency in healthcare payments. We are a stable and growing company with a strong, supportive culture along with plenty of career advancement opportunities. We embrace our core values of Accountability, Commitment, Excellence, Integrity and Teamwork (ACE-IT!).

A comprehensive benefits package is available for full-time regular employees and includes Medical (HDHP) w/Pharmacy, Dental, Vision, Long Term Disability, Health Savings Account, Flexible Spending Account Options, Life Insurance, Accident Insurance, Critical Illness Insurance, Pre-paid Legal Insurance, Parking and Transit FSA accounts, 401K, ROTH 401K, and paid time off.

CorVel is an Equal Opportunity Employer, drug free workplace, and complies with ADA regulations as applicable.

#LI-Remote

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.