Senior Security and Compliance Analyst

Job not on LinkedIn

September 9

Apply Now

Receive Emails with Similar Jobs

CertifyOS

WebsiteLinkedInAll Job Openings

Healthcare Insurance • SaaS • Compliance

CertifyOS is a company that provides advanced provider data technology solutions to transform healthcare management. Their platform aims to modernize the end-to-end provider data infrastructure by offering services such as real-time provider data verification, credentialing, monitoring, and compliance management. By eliminating manual workflows, CertifyOS increases the speed, efficiency, and accuracy of data processes, ultimately reducing operating expenses for their clients, which include health plans, health systems, and digital health companies. CertifyOS emphasizes transparency and real-time insights, offering an easy-to-use experience backed by strong customer support.

51 - 200 employees

⚕️ Healthcare Insurance

☁️ SaaS

📋 Compliance

💰 $14.5M Series A on 2022-09

📋 Description

• Perform risk assessments, vendor due diligence, and control gap analysis • Develop and enforce security policies, standards, and procedures • Collaborate with engineering, IT, and business teams to remediate security risks • Support internal and external audits (SOC 2, ISO 27001, HIPAA, HITRUST, GDPR, CCPA) • Maintain evidence repositories and ensure timely submission for audits using tools like Drata • Track and close compliance gaps and audit findings • Monitor and report on compliance posture to management • Conduct security awareness training for employees • Drive third‑party risk management activities • Work with IT and Cloud teams to implement and validate security controls across AWS, Azure, and GCP • Monitor IAM, DLP, and SIEM systems • Review security configurations and provide recommendations for improvement • Manage workflows and remediation tasks via tools like Jira

🎯 Requirements

• Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience) • 5–8 years of experience in information security, risk management, or compliance • Strong background in security governance, risk, and compliance (GRC) and hands-on experience implementing security controls across cloud and enterprise environments • Strong knowledge of security frameworks: NIST CSF, ISO 27001, CIS Controls, SOC 2 • Experience with regulatory compliance requirements: HIPAA, GDPR, CCPA, HITRUST • Hands-on experience with security tools (SIEM, DLP, IAM, CASB) • Experience with cloud platforms and security centers: AWS, Microsoft Azure, Google Cloud Platform (e.g., Google Cloud Security Command Center) • Experience performing risk assessments, vendor due diligence, and control gap analysis • Experience supporting internal and external audits and maintaining evidence repositories (e.g., using Drata) • Experience managing workflows and remediation tasks via tools like Jira • Excellent communication and documentation skills • Relevant certifications preferred: CISSP, CISA, ISO 27001 LA/LI, CCSK