Security Analyst SOC2
Location: Redwood City, CA
Duration: 8 Months Contract
Base-level knowledge of audit certifications
Not open to remote; must be able to audit and maintain controls onsite (physical presence required)
Experience performing and participating in SOC 2 audits
Knowing what effective controls are
FedRAMP a strong plus
The Security Compliance team has the task of ensuring customers and patients can use the FFRct Platform with confidence their data and information will always be safe and secure.
Audits security strategies, processes, and best practices for compliance with security regulations and frameworks, specifically HIPAA and HITRUST CSF.
Maintains audit records and tracks security metrics for continuous reporting and monitoring requirements
Participates in monthly, quarterly, and annual audit programs to assert confidence over internal controls and drive IT solutions
Consults with IT peers and leadership to improve control efficiencies and operating effectiveness
Drives remediation efforts and works with company stakeholders
Partner with staff from Finance, HR, Legal, and Sales (among others) to obtain and review evidence of compliance
Evangelize business owners to do the right thing using diplomacy and tact in all interactions
Track and report findings and work with teams to remediate and mitigate risks
Plan and perform internal audits to assess control design and effectiveness
Consult and assist audit efforts with key control owners including Finance, HR, Legal, and Sales
Administer or assist in all security services and projects and act as Security Compliance point of contact for all departments
Assists in the administration of the Security Information Response Plan and subsequent mitigation efforts
Promotes and supports company policies, procedures, mission, values, and standards of ethics and integrity
Foundational knowledge of Agile Software Development Lifecycle, security engineering, computer and network security, authentication, and security controls, especially as they pertain to Amazon Web Services.
Ability to work independently while supporting a highly diverse global organization
Ability to easily translate technology requirements into business-friendly discussions
CISSP, CISA, CGEIT, CIPT, ISO 27001 Lead Implementer, or audit/compliance certifications a plus
Bachelor's Degree in Computer Science, Life Sciences, or related field and 1 year of experience building medical, healthcare, or Life Sciences products or services
Educational Requirements & Work Experience:
Certification as a HITRUST Certified CSF Practitioner (CCSFP) or experience in a completed HITRUST CSF certification audit
2 years of experience with Security compliance, preferably as an active Internal Security Assessor (ISA) or Qualified Security Assessor (QSA)
3 years of general auditing experience in the Medical Device, Healthcare, or Life Sciences industries (experience in a similar highly regulated industry may be considered).
Experience performing information security risk assessments, specifically HSRAs or HITRUST CSF. ISO 27001 or FISMA/FedRAMP experience desired but not required.
Experience tracking and creating metrics from Enterprise security tools
Solid understanding of Information Security Standards and security frameworks such as HITRUST, ISO 27001, NIST 800-37, or FISMA/FedRAMP.