
Compliance Analyst (Hands-On HIPAA Security)

Etica, Inc.

3h ago

$100k - $108k | Legal | Remote, US

Job Description

**About HIPAA Vault**

HIPAA Vault is a leading managed cloud and compliance provider for healthcare. We keep thousands of **managed sites** secure and audit-ready across HIPAA Linux, WordPress, Windows, and WooCommerce hosting, Google Cloud Platform, and secure workspace services (HIPAA Gmail, O365, Forms, Fax, Text, and sFTP) — backed by 24/7 support, a **<15-minute critical response time**, and 90% first-call resolution. Our clients trust us because real engineers do the work, and here compliance means secure *systems*, not just secure paperwork.

**The Role**

This is a **hands-on** Compliance Analyst role for someone who fixes things, not just flags them. You'll live in the servers, cloud consoles, and ticket queue — hardening systems, remediating vulnerabilities to closure, driving incident response, and keeping our HIPAA / SOC 2 / NIST posture backed by real technical evidence. You'll work alongside our security and systems team in a fast-moving, 24/7 managed-hosting environment. If your idea of compliance is writing policies and filling out questionnaires, this isn't the role. If you like getting on a Linux box and *closing* the finding, read on.

**What You'll Do**

* **Remediate vulnerabilities end-to-end** — triage scanner output (Rapid7 or similar), verify findings, apply fixes across **Linux and Windows** servers, and confirm closure. Own the result, not just the report.
* **Secure our WordPress fleet at scale** — patch core/plugins/themes, harden configurations, and help automate updates across large numbers of sites.
* **Harden cloud infrastructure** on **Google Cloud Platform** — IAM/least-privilege, Cloud Armor / WAF policies, and secure configuration baselines.
* **Drive incident response** from detection through root-cause analysis and written RCA, coordinating with the team inside our 24/7 response SLAs.
* **Operate encryption and BAA controls** — configure and validate encryption for HIPAA Gmail, O365, Fax, and file transfer; manage BAAs as living controls, not a spreadsheet.
* **Assist customers with audits and security questionnaires** — a **weekly**, customer-facing activity: help clients accurately complete HIPAA audits, third-party security assessments, and vendor risk questionnaires, and get them submitted on time.
* **Run risk assessments and audits** and maintain HIPAA / SOC 2 / NIST / HITECH evidence drawn directly from the systems we manage.
* **Deliver security awareness training** (including phishing simulations) and answer daily customer compliance questions.
* **Build repeatable process** — log every finding in our tracking system, create and manage tasks, document runbooks, and turn recurring manual checks into automation.

**What Success Looks Like (First 90 Days)**

* Vulnerabilities are triaged, remediated, and **verified closed** on a predictable cadence with the process documented.
* Every security observation lives in the central tracking system, not in chats or memory.
* At least one recurring