• Senior Risk & Compliance Analyst - Remote

    Dragonfly Health (Mesa, AZ)


    Description

    Dragonfly Health - A great place to land

     

    Dragonfly Health is the leading care-at-home data, technology and service platform, and the industry’s first scale durable medical equipment (DME) and pharmacy solution. Built on a 20-year history, Dragonfly Health uses advanced technology and robust analytics to manage DME and pharmaceutical services as part of a single, efficient solution for caregivers, patients, and their families. We serve over 145,000 patients every day in all 50 states.

     

    Here, you are an integral part of a team that is transforming the future of hospice and post-acute healthcare. This is where innovation, collaboration and compassion thrive, allowing us to carry out our work at the highest level to serve our patients at a time in their life when they need us most.

     

    We offer a dynamic and inclusive workplace where you'll have the unique opportunity to shape the future of healthcare alongside a passionate and talented team. We believe in empowering our employees to grow both personally and professionally, providing ample opportunities for career advancement, continuous learning, and skill development.

     

    Dragonfly Health is our name for a reason.

     

    The dragonfly is symbolic of the transformational impact we’re making on the industry, our people, and the lives we touch. We are a guiding force for what’s ahead, delivering more than equipment and medications, but also comfort and peace of mind. We are agile and adaptable, able to quickly and easily pivot from one point to the next, ready for whatever situation or patient need that arises.

     

    Whatever it takes. Wherever it takes us.

    What we offer

    + Competitive Pay

    + Comprehensive benefits package (health, dental, vision, PTO, sick time, 401k w/match, etc.)

    + Growth opportunity and career advancement

    + Agile and adaptable team culture

    + Innovative and revolutionary technology solutions

    + A higher calling to provide quality patient care

     

    See how Dragonfly Health is transforming the world of hospice and post-acute care. (https://www.linkedin.com/posts/dfhealth\_see-how-dragonfly-health-is-transforming-activity-7204921020292476928-Ut\_7?utm\_source=share&utm\_medium=member\_desktop)

    What you will do

    + **Maintain Certification:** Ensures successful completion and renewal of SOC2 Type I and II audits.

    + **Risk Assessment & Monitoring:** Identifies, assesses, and monitors internal, third-party, and fourth-party information security risks.

    + **Audit & Assessment Support:** Coordinates evidence collection and supports internal and external audits, assessments, and investigations – including third-party risk assessments.

    + **Risk Communication:** Translates complex technical and regulatory findings into clear, actionable recommendations for business and technical stakeholders.

    + **Risk Tracking & Remediation:** Tracks and drives resolution of identified risks through remediation planning and follow-up.

    + **Policy & Procedure Development:** Creates, updates, and maintains security policies, standards, and procedures aligned with regulatory and industry frameworks.

    + **Regulatory Readiness:** Prepares and organizes documentation in support of HIPAA, HITECH,, and other regulatory audits or inquiries.

    + **Control Gap Identification:** Identifies and documents gaps in cybersecurity, IT controls, and risk management practices.

    + **Threat & Standards Awareness:** Monitors evolving cybersecurity threats, compliance obligations, and healthcare industry standards to inform proactive risk management.

    + **Reporting & Presentation:** Prepares and delivers audit and risk reports to leadership including corrective action plans that are practical and aligned with team capabilities and budget.

    + **Client Security Inquiries:** Manages and drafts responses to customer and partner security questionnaires and due diligence requests.

    + **GRC Tool Implementation:** Leads the evaluation, selection, and enterprise-wide deployment of a Governance, Risk, and Compliance (GRC) platform.

    What we look for

    + 5-8+ years of progressive experience in one or more of the following areas: Information Security Risk Management, Regulatory Compliance (HIPAA, HITECH, SOC2, etc.), Internal or External IT Audit, GRC Program Development or Tool Implementation, Third-Party Risk Management, Healthcare IT or Health Information Management, Enterprise Risk Management (ERM) or Policy Governance.

    + Hands-on support for SOC2 audits, HIPAA Security Rule compliance, or HITECH assessment

    + Familiarity with healthcare industry regulations and privacy/security frameworks (e.g., NIST, HITRUST, ISO 27001)

    + Experience managing or responding to client/vendor security assessments strongly preferred

    + Leading or contributing to the implementation of a GRC platform strongly preferred

    + Exposure to both technical teams (e.g., cybersecurity, IT) and non-technical teams (e.g., Legal, Compliance, Audit) is strongly preferred

    + Preferred Certifications: CRISC (Certified Risk and Information System Control) or equivalent, CISSP (Certified Information System Security Professional), CompTIA Security+, CHC – Certified in Healthcare Compliance (from HCCA)

     

    Why Senior Risk & Compliance Analysts are important

     

    The Senior Risk & Compliance Analyst plays a critical role at Dragonfly Health by protecting the organization from legal, financial, and reputational risks in a highly regulated healthcare environment. They ensure compliance with laws like HIPAA and HITECH, proactively identify and mitigate operational and data-related risks, and uphold data privacy and security standards to protect patient information. By conducting audits, improving policies, and translating complex regulations into practical guidance, they embed compliance into everyday operations. Their cross-functional collaboration helps Dragonfly scale responsibly, maintain patient trust, and operate with integrity at every level.

     

    Let's soar together

    Qualifications

    Skills

    Preferred

    + **Working knowledge of Microsoft Office Suite:** Some Knowledge

    + **Interpersonal Skills:** Some Knowledge

    + **Presentations:** Some Knowledge

    + **Data Analysis & Reporting:** Some Knowledge

    + **Clear and effective communication:** Some Knowledge

     

    Licenses & Certifications

    Preferred

    + Healthcare Compliance

    + CompTIA Sec+ CISSP

    + CRISC

    Experience

    Preferred

    + Prior selection or implementation of compliance tools or risk dashboards

    + Oversight of corrective action plans following audits or security incidents

    + Experience presenting findings to executive leadership or audit committees

    + Exposure to both technical teams (e.g., cybersecurity, IT) and non-technical teams (e.g., Legal, Compliance, Audit

    + Leading or contributing to the implementation of a GRC platform

    + Hands-on support for SOC2 audits, HIPAA Security Rule compliance, or HITECH assessment

    + Experience managing or responding to client/vendor security

    + Familiarity with healthcare industry regulations and privacy/security frameworks (e.g., NIST, HITRUST, ISO 27001)

    + Minimum of 5-8 years of progressive experience in one or more of the following areas: Information Security Risk Management, Regulatory Compliance (HIPAA, HITECH, SOC2, etc.), Internal or External IT Audit, GRC Program Development or Tool Implementation, Third-Party Risk Management, Healthcare IT or Health Information Management, Enterprise Risk Management (ERM) or Policy Governance.

     

    Equal Opportunity Employer

     

    This employer is required to notify all applicants of their rights pursuant to federal employment laws.

     

    For further information, please review the Know Your Rights (https://www.eeoc.gov/poster) notice from the Department of Labor.