Continuity & Security Assurance Analyst

Government Employees Health Association, Inc. (G.E.H.A) is a nonprofit member association that provides health and dental benefits that millions of federal employees and retirees, military retirees and their families have counted on since 1937. Offering one of the largest health and dental benefit provider networks available to federal employees in the United States, G.E.H.A empowers health and wellness by meeting its members where they are, when they need care.

G.E.H.A has one mission: To empower federal workers to be healthy and well.

The Continuity and Security Assurance Analyst supports G.E.H.A’s Cybersecurity and Information Protection (CIP) program by executing security, compliance, and business continuity initiatives. This role is responsible for assessing controls, monitoring compliance with regulatory and internal standards, supporting audit activities, and contributing to the resilience and security posture of G.E.H.A’s systems, data, and third-party relationships.

SKILLS

• Key Responsibilities:
• Develop and execute security, compliance, and risk assessment plans aligned to regulatory requirements, industry standards, and G.E.H.A policies.
• Monitor security programs and systems, analyze logs and activities, and identify control gaps, anomalies, or areas of elevated risk.
• Perform audits across key control areas, including Data Loss Prevention (DLP), inbound email security/quarantine processes, and user access management.
• Perform and support periodic user access control reviews, including validation of user entitlements, identification of inappropriate or excessive access, coordination with business owners, and tracking remediation of identified issues.
• Review and troubleshoot compliance requests to ensure alignment with G.E.H.A security policies, standards, and applicable legal/regulatory requirements.
• Conduct ongoing compliance monitoring activities, including documentation, evidence collection, and remediation tracking for identified issues.
• Evaluate existing processes and controls, identify areas for improvement, and develop actionable remediation plans to strengthen compliance and security posture.
• Support internal and external audits by preparing documentation, coordinating responses, and validating control effectiveness.
• Create, maintain, and enhance security documentation, procedures, and control artifacts to support governance and audit readiness.
• Support the execution of security awareness and training initiatives.
• Contribute to the development and continuous improvement of programs that ensure the availability and resilience of G.E.H.A’s information systems and data.
• Support the Business Continuity and Disaster Recovery (BCDR) program, including planning, documentation, testing, and continuous improvement activities.
• Assist in the Third Party Risk Management program, including review and analysis of third-party maturity assessments, SOC reports, and HITRUST certifications.
• Monitor third-party security posture and identify risks, gaps, and opportunities for improvement across G.E.H.A’s vendor ecosystem.

Job Requirements:

• Experience and Education
• Bachelor’s degree in Computer Science, Information Systems, or a related discipline.
• Three (3) or more years of experience in Information Technology, Information Security, IT Assurance, Risk Management, Governance, or Business Continuity.
• Equivalent combinations of education and additional experience may be considered in lieu of formal degree or certification requirements.

• Certifications
• One or more industry certifications such as: CISSP, HCISPP, CRMA, CGEIT, CRISC, CISM, CISA, CBCP, GIAC, or similar governance, risk, security, or BCDR certifications.

• Technical and Functional Knowledge
• Working knowledge of governance, risk, and compliance frameworks such as: COSO, COBIT, ITIL, ISO 31000, ISO 27002, ISO 22301, NIST CSF, NIST 800‑53, and SANS Critical Security Controls.
• Experience with enterprise Governance, Risk, and Compliance (GRC) platforms (e.g., Archer, MetricStream, LockPath, etc.).
• Proficiency with Microsoft Office applications.

• Skills and Competencies
• Strong analytical and problem-solving skills with the ability to identify risk and recommend practical solutions.
• Effective written and verbal communication skills, including the ability to translate technical risks into business-focused language.
• Ability to build relationships, influence stakeholders, and collaborate across multiple business units and teams.
• Strong organizational skills with the ability to manage multiple priorities in a fast-paced environment.
• Customer service orientation with a focus on delivering high-quality, accurate outcomes.
• Effective presentation and interpersonal skills.

• Work-at-home requirements
• Must have the ability to provide a non-cellular High Speed Internet Service such as Fiber, DSL, or cable Modems for a home office.
• A minimum standard speed for optimal performance of 30x5 (30mpbs download x 5mpbs upload) is required.
• Latency (ping) response time lower than 80 ms
• Hotspots, satellite and wireless internet service is NOT allowed for this role.
• A dedicated space lacking ongoing interruptions to protect member PHI / HIPAA information

• How we value you
• Competitive pay/salary ranges
• Incentive plan
• Health/Vision/Dental benefits effective day one
• 401(k) retirement plan: company match – dollar for dollar up to 4% employee contribution (pretax or Roth options) plus a 6% annual company contribution
• Robust employee well-being program
• Paid Time Off
• Personal Community Enrichment Time
• Company-provided Basic Life and AD&D
• Company-provided Short-Term & Long-Term Disability
• Tuition Assistance Program

While this is a remote opportunity, at this time G.E.H.A does not hire employees from U.S. territories or the following states: Alaska, Hawaii, California, Washington, Oregon, Colorado, Wyoming, Montana, New York, Connecticut, Vermont, Pennsylvania, Maine.

Please note that the salary information is a general guideline only. G.E.H.A considers factors such as (but not limited to) scope and responsibilities of the position, candidate’s work experience, education/training, key skills, internal peer equity, as well as, market and business considerations when extending an offer.

The target hiring range for this position is $75,862 - $95,970 USD. At G.E.H.A, the current maximum salary for this role is $106,938 USD. While initial compensation may vary based on experience and qualifications, there is a path to work toward this top rate through performance and continued growth within the organization.

G.E.H.A is an Equal Opportunity Employer, which means we will not discriminate against any individual based on sex, race, color, national origin, disability, religion, age, military status, genetic information, veteran status, pregnancy, marital status, gender identity, and sexual orientation, as well as all other characteristics and qualities protected by federal, state, or local law. G.E.H.A will not discriminate against employees or applicants because they have inquired about, discussed, or disclosed their compensation or the compensation of another employee or applicant. We are committed to creating an inclusive environment for all employees.

G.E.H.A is headquartered in Lee's Summit, Missouri, in the Kansas City area. We recognize the importance of balance and flexibility and offer hybrid and work-from-home options for many of our roles.