Make a game-changing next move.

Learn more about the opportunities in Coatue's portfolio.
192
companies
6,163
Jobs

Senior Security Compliance Analyst

Reify Health

Reify Health

IT, Legal
Remote
Posted on Monday, May 13, 2024

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care.

One mission. One team. That’s OneStudyTeam.

By joining our team as the Senior Security Compliance Analyst, you will provide support and solutions to a growing team spread around the globe. You will play a key role in supporting the security compliance and governance function to advance a pragmatic and effective Information Security Program. This includes creating and developing scalable and repeatable processes to meet ISO 27001 and SOC 2 in support of regulatory requirements e.g., HIPAA, GDPR.

What You’ll Be Working On

  • You will lead the Security Team and larger organization on satisfaction of the quarterly ISO controls requirements, ISO surveillance audits, 2022 SOC 2 Examination and once achieved, SOC 2 maintenance.
  • Manage the company's existing security certification lifecycle and acquire new certifications as necessitated by the company's security and business needs.
  • Engage in cross-functional (cross-departmental) oversight to ensure compliance with certification standards and associated policies and procedures, leading to external audits without significant findings.
  • Partner with an outsourced “internal” audit function to monitor and improve security policies, procedures, and standards, consistent with security certifications and frameworks i.e., ISO 27001, SOC 2.
  • In conjunction with associate members of the Security Team, prepare for internal and external certification audits of the Information Security Program by organizing requests, gathering evidence, and authoring responses to external auditors.
  • Work with associate members of the Security Team to ensure they respond to customer security audits and questionnaires in a manner consistent with the Information Security Program and associated certifications i.e. ISO 27001, SOC 2.
  • Responsible for managing internal audit/reviews for ISMS controls and coordinating remediation.
  • Manage periodic reviews of security policies and procedures.
  • Recommend, drive, and implement improvements to the company’s Information Security Risk Management program.
  • Develop and maintain risk register contents and underlying workflows to track identified risks, risk owners, and action plans for risk remediation.
  • In conjunction with Security Management, design, compile, and report metrics of Information Security Program, including KRIs/KPIs.

What You’ll Bring to OneStudyTeam

  • Experience leading a successful ISO 27001 or SOC 2 certification effort is required.
  • 5 or more years experience in a dedicated information security role in a HIPAA, or other regulated environment (e.g., GLBA, PCI) is required.
  • Security Certification (e.g., CISA, CISM, CISSP) is highly desirable.
  • Proficient in both gap analysis and risk assessment methodologies.
  • In-depth understanding of the following topics as they relate to security policy, procedure, and enforcement: access control, data classification, change management, asset management, business continuity, disaster recovery, incident response, vulnerability management, secure development lifecycle, source control, and endpoint protection.
  • Technical background sufficient to understand high level concepts related to public clouds (AWS or GCP), agile software development life cycles, source control, continuous integration/deployment, virtual private networks, and modern web applications.
  • Clear and concise writing style with excellent verbal communication and listening skills and the ability to interface with all levels of business.
  • Experience working with a broad array of business units/departments, helping to implement security strategies and solutions with the ability to translate complex concepts to stakeholders at all levels of technical ability.
  • Ability to think critically and pragmatically while seeing tasks through to completion.

Learn more about our global benefits offerings on our careers site: https://careers.onestudyteam.com/us-benefits

We value diversity and believe the unique contributions each of us brings drives our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OST works with a Professional Employer Organization.

As a condition of employment, you will abide by all organizational security and privacy policies.

For a detailed overview of OneStudyTeam's candidate privacy policy, please visit https://careers.onestudyteam.com/candidate-privacy-policy. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).