OneStudyTeam · 4 days ago
Senior Security Compliance Analyst
Responsibilities
Lead the Security Team and organization in meeting ISO controls requirements, surveillance audits, and SOC 2 examinations.
Manage the company's security certification lifecycle and acquire new certifications as needed.
Ensure cross-functional oversight for compliance with certification standards and policies, leading to successful external audits.
Collaborate with internal audit functions to enhance security policies and procedures aligned with ISO 27001 and SOC 2 frameworks.
Prepare for internal and external certification audits by organizing requests, gathering evidence, and responding to auditors.
Ensure consistent responses to customer security audits and questionnaires in line with ISO 27001 and SOC 2.
Manage internal audit/reviews for ISMS controls and coordinate remediation efforts.
Review and update security policies and procedures periodically.
Recommend and implement improvements to the Information Security Risk Management program.
Develop and maintain risk register contents and workflows to track identified risks and action plans.
Design, compile, and report metrics of the Information Security Program with KRIs/KPIs.
Qualification
Required
Experience leading a successful ISO 27001 or SOC 2 certification effort is required.
5 or more years of experience in a dedicated information security role in a HIPAA or other regulated environment (e.g., GLBA, PCI) is required.
Proficient in both gap analysis and risk assessment methodologies.
In-depth understanding of the following topics as they relate to security policy, procedure, and enforcement: access control, data classification, change management, asset management, business continuity, disaster recovery, incident response, vulnerability management, secure development lifecycle, source control, and endpoint protection.
Technical background sufficient to understand high-level concepts related to public clouds (AWS or GCP), agile software development life cycles, source control, continuous integration/deployment, virtual private networks, and modern web applications.
Clear and concise writing style with excellent verbal communication and listening skills and the ability to interface with all levels of business.
Experience working with a broad array of business units/departments, helping to implement security strategies and solutions with the ability to translate complex concepts to stakeholders at all levels of technical ability.
Ability to think critically and pragmatically while seeing tasks through to completion.
Preferred
Security Certification (e.g., CISA, CISM, CISSP) is highly desirable.
Benefits
Global benefits offerings
Company
OneStudyTeam
OneStudyTeam is a cloud-based software company that works to ensure therapeutic development moves at the speed of science. It is a sub-organization of Reify Health.
Funding
Current Stage
Growth Stage
Company data provided by Crunchbase