Senior Security and Compliance Analyst
Posted on October 08, 2025
About Certify
At CertifyOS, we're building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem.
What sets us apart? Our cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings 25+ years of combined experience building provider data systems at Oscar Health, and we're backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data.
But it's not just about the technology; it's about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. We're founded on the principles of trust, transparency, and accountability, and we're not afraid to challenge the status quo at every turn. We're looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure.
About the role
The Senior Security and Compliance Analyst will be responsible for driving security initiatives, managing risk assessments, ensuring compliance with regulatory frameworks, and supporting audits. This role requires a strong background in security governance, risk, and compliance (GRC), along with hands-on experience implementing security controls across cloud and enterprise environments.
Responsibilities
- Perform risk assessments, vendor due diligence, and control gap analysis.
- Develop and enforce security policies, standards, and procedures.
- Collaborate with engineering, IT, and business teams to remediate security risks.
- Support internal and external audits (SOC 2, ISO 27001, HIPAA, HITRUST, GDPR, CCPA).
- Maintain evidence repositories and ensure timely submission for audits using tools like Drata.
- Track and close compliance gaps and audit findings.
- Monitor and report on compliance posture to management.
- Conduct security awareness training for employees.
- Drive third-party risk management activities.
- Work with IT and Cloud teams to implement and validate security controls across AWS, Azure, and GCP using security centers.
- Monitor IAM, DLP, and SIEM systems.
- Review security configurations and provide recommendations for improvement.
- Manage workflows and remediation tasks via tools like Jira.
Qualifications
- Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
- 5–8 years of experience in information security, risk management, or compliance.
- Strong knowledge of security frameworks: NIST CSF, ISO 27001, CIS Controls, SOC 2.
- Experience with regulatory compliance requirements: HIPAA, GDPR, CCPA, HITRUST.
- Hands-on experience with security tools (SIEM, DLP, IAM, CASB).
- Excellent communication and documentation skills.
- Relevant certifications preferred: CISSP, CISA, ISO 27001 LA/LI, CCSK.
Diversity and Inclusion
At Certify, we're committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.