OneStudyTeam · 2 days ago
Senior Security Compliance Analyst
OneStudyTeam is a company focused on improving clinical trials and patient outcomes through its cloud-based platform. It is seeking a Senior Security Compliance Analyst to strengthen its security and compliance programs and ensure adherence to the industry regulations and security frameworks that apply to its business.
Clinical Trials · Software
Responsibilities
Lead and support customer security audits, responding to security questionnaires and demonstrating compliance with security frameworks
Prepare, coordinate, and manage ISO 27001 audits, including evidence collection, control implementation, and auditor engagement
Ensure ongoing compliance with HIPAA, NIST CSF, and other regulatory requirements applicable to healthcare data security
Develop and maintain policies, procedures, and security documentation to meet regulatory and contractual obligations
Perform gap analyses and risk assessments to identify and remediate compliance risks
Manage and improve security governance frameworks, ensuring alignment with industry best practices and business objectives
Conduct third-party vendor risk assessments, ensuring compliance with security policies and contractual obligations
Monitor security controls, ensuring effectiveness and continuous improvement in alignment with security frameworks
Support security awareness training initiatives, ensuring employees understand compliance responsibilities
Stay current on ISO 27001, HIPAA, NIST 800-53, and other relevant standards, translating them into actionable security controls
Assist in defining security metrics and reporting on compliance status and risk posture to leadership
Work closely with legal, security, IT, and business teams to align compliance requirements with security operations
Qualifications
Required
Bachelor's degree in Information Security, Computer Science, Risk Management, or related field (or equivalent experience)
8+ years of progressive experience in GRC, compliance, or security audit roles
Experience in healthcare or regulated industries strongly preferred
Experience leading ISO 27001, SOC 2, or HITRUST audits, including ISMS implementation and external audit coordination
Strong understanding of NIST CSF, SOC 2, GDPR, and other security frameworks
Hands-on experience with customer security audits, including responding to security questionnaires and managing security assessments
Ability to perform risk assessments, policy reviews, and compliance gap analyses
Strong written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders
Detail-oriented with excellent organizational and project management skills
Ability to work independently and collaboratively in a remote environment
Preferred
Certifications strongly preferred: ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CISA, HITRUST CCSFP, CRISC
Familiarity with GRC tools (e.g., OneTrust, LogicGate, Archer, Vanta, Drata) is a plus
Company
OneStudyTeam
OneStudyTeam is a cloud-based software company that works to ensure therapeutic development moves at the speed of science. It is a sub-organization of Reify Health.
Funding
Current Stage: Growth Stage
Company data provided by crunchbase