Job Posting Title

Agency

Supervisory Organization

Job Posting End Date (Continuous if Blank)

Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.

Estimated Appointment End Date (Continuous if Blank)

Full/PartTime

Job Type

Compensation

Job Description

Agency/Division Information

The Oklahoma Health Care Authority (OHCA) works to ensure Oklahomans have access to better health and better care. The agencys core values include passion for purpose trust and transparency empowerment and accountability best in class and outcomedriven and servant leadership. As part of the interview process candidates may be required to attend an inperson interview at our Oklahoma City office.

Position Purpose

The Compliance Analyst II at the Oklahoma Health Care Authority (OHCA) is responsible for ensuring compliance with state and federal regulations while supporting key security and risk management functions. This position provides technical expertise manages vulnerability assessments and leads incident response efforts. It plays a critical role in evaluating thirdparty security documentation maintaining security policies and ensuring the effectiveness of compliance programs. The Compliance Analyst II collaborates closely with stakeholders to mitigate risks enhance security protocols and maintain the integrity of organizational processes aligning with OHCAs core values of accountability transparency and excellence.

Principle Activities May Include:

• Vulnerability management and monitoring; This includes the use of Nessus for internal report generation and working with vendors to acquire any required metrics. This also includes activities for penetration testing coordination and phishing tests. Conduct meetings to address issues for reasonable resolution.

• Provide technical expertise and analysis; Should balance the team with knowledge and understanding of more technical aspects of systems and security. Keep aware of current industry trends and news to be more proactive in efforts. Be able to handle and interpret more technical questions and writing tasks.

• Security Incident Response; Able to balance tasks and shift focus to handle potentially high priority Issues. Must be able to quickly triage complex situations with limited knowledge and apply knowledge of risk and HIPAA breach rules to properly categorize for escalations. Must document followup and coordinate with key stakeholders through resolution.

• Third Party Document Reviews; Support Business Enterprise projects by providing expertise in reviewing security documentation with comments and escalation of any issue identified as appropriate. May be required to attend project meetings to clarify comments and listen for other security concerns that may need coordination. Coordination with subject matter experts or stakeholders may be required for detailed issues and resolutions.

• Coordinate closely with Risk and Compliance Manager to support; Communicate and coordinate effectively with team to identify support needs.

• Draft and Maintain Security Documentation; This includes but not limited to Policy Standards Guidance Incident Response Plan and System Security Plan. Documents shall be reviewed annually or during significant changes for updates and maintenance. Technical concepts should be written at a level commensurate with the audience for the document.

• Other duties as assigned.

Supervisory Responsibilities: This position does not supervise.

Qualifications: To perform this job successfully an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge skill and/or ability required.

Knowledge Skills Abilities and Competencies

This position requires indepth knowledge of agency policies state and federal regulations and security frameworks such as vulnerability management and incident response protocols. Strong analytical and communication skills are essential for evaluating performance drafting policies and coordinating with internal teams and external stakeholders. The position also demands the ability to resolve complex issues while maintaining accountability and organizational alignment making the Korn Ferry competencies of Ensures Accountability and Tech Savvy highly relevant for success in this role.

Education and/or Experience:

• A bachelors degree and 1 year of professional or technical administrative* experience in business or public administration

• An equivalent combination of education and experience substituting 1 year of qualifying experience for each year of the required education.

• *Technical administrative experience would include highly complex clerical work gained under the direct supervision of a professional supervisor or manager.

Preference may be given to candidates with:

• Certifications such as Certified Information Systems Security Professional (CISSP) Certified Information Security Manager (CISM) Certified in Risk and Information Systems Control (CRISC) Health Care Compliance (CHC) Certification Certified Information Systems Auditor (CISA) or HIPAA Certification

• Advanced education in cybersecurity or IT compliance related field

• Strong proficiency in analytical thinking data analysis and related tools such as MS Excel to identify issues trends patterns and other techniques to achieve objectives. This includes skilled use of formulas pivot tables and principles of good design.

• Strong attention to details.

• Understanding of NIST 80053 control structures and related System Security Plans.

• Experience in the Healthcare sector and/or HIPAA regulations.

• Able to navigate complex and challenging situations that may have tight deadlines.

• MS Office 365 (Word Excel PowerPoint Access Teams).

• Able to work independently and with good work ethics.

• Learns and adapts quickly seeking selfimprovement where needed to achieve goals.

• Good organization skills for tracking and prioritizing multiple tasks.

• Understanding of Risk Management concepts and methodology.

• Understanding of Business Continuity and Disaster Recovery Plans and processes.

Physical Demands:

• Must be able to remain sitting for prolonged periods at a desk and working on a computer.
• Must be able to move or lift up to 15 pounds at various times.

Work Environment

The office work environment includes regular exposure to general office equipment such as computer equipment phones and copy machines.

Why Youll Love Working Here

At the Oklahoma Health Care Authority (OHCA) were proud to create a workplace where employees thrive. Named a Top Workplace in Oklahoma for five consecutive years this achievement reflects the dedication and collaborative spirit of our incredible team. Heres what we offer to support employees and their family:

• Generous statepaid benefit allowance to offset insurance premiums.

• A wide selection of toptier health insurance plans.

• Optional flexible spending accounts for health care or dependent care expenses.

• Employee Assistance Program (EAP) offering confidential support.

• Wellness benefits including an onsite gym and fitness center discounts.

• 11 paid holidays annually.

• 15 vacation days and 15 sick days in your first year.

• Retirement Savings Plan with substantial employer contributions.

• Longevity Bonus to reward years of service.

• Public Service Loan Forgiveness eligibility and reimbursement for educational expenses.

• Professional development training opportunities including CEU support.

Accommodation Statement:

The Oklahoma Health Care Authority complies with applicable State and Federal civil rights laws and does not discriminate. All qualified applicants will receive consideration for employment without regard to race color sex religion disability age national origin or genetic information. If a reasonable accommodation is needed to participate in the job application or interview process to perform essential job functions and/or to receive other benefits and privileges of employment please contact the Civil Rights Coordinator at.

Notice to applicants: Please add to the address book or safesenders list in your email. All correspondence will come from this address. Be sure to check your junk folder. If you have questions about the status of your application you can contact the HR team at.

Note: Applications will be accepted until 11:59 PM on the day prior to the posting end date above.

Current State of Oklahoma employees must apply for open positions internally through WorkdayJobs Hub.

Equal Opportunity Employment

The State of Oklahoma is an equal opportunity employer and does not discriminate on the basis of genetic information race religion color sex age national origin or disability.

Current active State of Oklahoma employees must apply for open positions internally through the Workday Jobs Hub.