Senior Security Compliance Analyst @ OneStudyTeam | Jobright.ai
200+ applicants

OneStudyTeam · 4 days ago

Senior Security Compliance Analyst

Clinical Trials, Software


Responsibilities

Lead the Security Team and organization in meeting ISO controls requirements, surveillance audits, and SOC 2 examinations.
Manage the company's security certification lifecycle and acquire new certifications as needed.
Ensure cross-functional oversight for compliance with certification standards and policies, leading to successful external audits.
Collaborate with internal audit functions to enhance security policies and procedures aligned with ISO 27001 and SOC 2 frameworks.
Prepare for internal and external certification audits by organizing requests, gathering evidence, and responding to auditors.
Ensure consistent responses to customer security audits and questionnaires in line with ISO 27001 and SOC 2.
Manage internal audit/reviews for ISMS controls and coordinate remediation efforts.
Review and update security policies and procedures periodically.
Recommend and implement improvements to the Information Security Risk Management program.
Develop and maintain risk register contents and workflows to track identified risks and action plans.
Design, compile, and report metrics of the Information Security Program with KRIs/KPIs.

Qualification


ISO 27001, SOC 2, HIPAA, GLBA, PCI, Gap analysis, Risk assessment, Access control, Data classification, Change management, Asset management, Business continuity, Disaster recovery, Incident response, Vulnerability management, Secure development lifecycle, Source control, Endpoint protection, Public clouds, AWS, GCP, Agile software development, Continuous integration, Continuous deployment, Virtual private networks, Modern web applications, Problem-solving, Clear communication, Listening skills, Interpersonal skills

Required

Experience leading a successful ISO 27001 or SOC 2 certification effort is required.
5 or more years of experience in a dedicated information security role in a HIPAA or other regulated environment (e.g., GLBA, PCI) is required.
Proficient in both gap analysis and risk assessment methodologies.
In-depth understanding of the following topics as they relate to security policy, procedure, and enforcement: access control, data classification, change management, asset management, business continuity, disaster recovery, incident response, vulnerability management, secure development lifecycle, source control, and endpoint protection.
Technical background sufficient to understand high-level concepts related to public clouds (AWS or GCP), agile software development life cycles, source control, continuous integration/deployment, virtual private networks, and modern web applications.
Clear and concise writing style with excellent verbal communication and listening skills and the ability to interface with all levels of business.
Experience working with a broad array of business units/departments, helping to implement security strategies and solutions with the ability to translate complex concepts to stakeholders at all levels of technical ability.
Ability to think critically and pragmatically while seeing tasks through to completion.

Preferred

Security Certification (e.g., CISA, CISM, CISSP) is highly desirable.

Benefits

Global benefits offerings

Company

OneStudyTeam

OneStudyTeam is a cloud-based software company that works to ensure therapeutic development moves at the speed of science. It is a sub-organization of Reify Health.

Funding

Current Stage
Growth Stage

Leadership Team

Ralph Passarella
CEO, Co-Founder
Carson L R.
Lead Talent Acquisition Partner, Technology

Recent News

Gastroenterology & Endoscopy News
Company data provided by crunchbase