Sr. Security Compliance Analyst
Bamboo Health
Summary:
Bamboo Health Security implements forward-thinking security architectures across a wide variety of platforms and technologies including cloud services, identity and access management, virtualization, and third-party service providers. We strive to implement innovative solutions that support dynamic growth within complex regulatory environments. The Bamboo Health Security Team is highly collaborative and committed to each team member’s growth along with the business.
The Bamboo Health Security Team is seeking an experienced and highly motivated Senior Security Compliance Analyst to join our team. As a Senior Security Compliance Analyst, you will play a critical role in monitoring, assessing, and ensuring the organization's compliance with internal and external regulations. You will analyze potential risks to the organization's information systems and data, conduct internal reviews of systems and procedures, and assist the Security Operations team in addressing security incidents. With a blend of compliance, risk, and technical expertise, you will be responsible for helping to bridge the gap between policy enforcement and practical security operations. The Sr. Security Compliance Specialist will work with seasoned security experts with extensive knowledge across security domains.
What You’ll Do:
• Evaluate organizational policies and standards, ensuring that external and internal compliance requirements are met.
• Assist in policy documentation upkeep and development, ensuring clarity and applicability.
• Work with external auditors and customers as necessary, providing them with required information and assistance.
• Work closely with various teams, including IT, Legal, HR, and Operations, ensuring seamless compliance and security integration.
• Monitor and assist with the internal training program(s) on compliance requirements and best practices.
• Assist the Security Operations team in monitoring, detection, and response activities.
• Participate in the on-call rotation to address and escalate security incidents as they arise.
What Success Looks Like…
You will be responsible for working with the Information Security group to ensure continual alignment of Bamboo Health's security operations with internal and external compliance requirements. Assist with continuous reviews of internal and external audits, policy documentation, and compliance requirements. Effectively communicate, and show proof of, Bamboo Health's adherence to internal and external policy requirements. Develop an understanding of system relationships and dependencies and relay this knowledge to internal and external stakeholders. Assist the Security Operations team with addressing and escalating security incidents as part of the on-call rotation.
In 3 months…
• Learn the current compliance landscape, tools, policies, procedures, and stakeholders.
• Develop an understanding of the specific regulatory frameworks that Bamboo Health adheres to.
• Establish relationships with the team and key internal departments.
• Understand and be able to describe the function of Bamboo Health's products and services.
In 6 months…
• Understand Bamboo Health's current compliance status.
• Identify immediate compliance risks or gaps.
• Participate in risk and compliance assessment exercises with internal teams.
• Describe the organization layout in detail and identify key stakeholders.
• Be familiar with the required communication channels and participate in providing required metrics and feedback to internal and external stakeholders.
• Be familiar with internal Security Operations processes and procedures.
In 12 months…
• Make recommendations and provide feedback to improve the effectiveness of our internal compliance program.
• Actively help to improve and streamline the methods, processes, and procedures used in measuring and adhering to compliance requirements.
• Augment the team's efforts in completing comprehensive security assessments executed by independent third-party assessment organizations and utilize the findings to improve compliance.
• Augment the team's efforts with internal educational initiatives and objectives.
• Participate in the weekly on-call rotation, incident analysis, and escalation, aiding Security Operations as needed.
What You Need:
• At least 3 years of experience utilizing information security best practices, compliance frameworks, and security tooling and processes.
• At least 2 years of operational experience with security incident response and security operations processes and procedures.
• Domain expertise in at least 3 of:
a. Knowledge of Security control frameworks or benchmarks (Examples: ISO, NIST, HIPAA, CIS, HITRUST, FedRAMP)
b. Experience with testing and measuring security controls
c. Ability to provide technical and operational support on security compliance initiatives
d. Evidence gathering for security auditing purposes
e. Identity and access management (IAM)
f. Security Incident Response
• Excellent written and verbal communication skills, with ability to build and communicate business rationale.
• Ability to learn quickly and work independently.
• Ability to build effective, sustainable working relationships internally, with customers, and external stakeholders.
• Experience in security best practices and controls applied in cloud-centric environments (AWS/Azure/GCP).
• Working knowledge of common vulnerability management tooling and programs would be beneficial.
• Working knowledge of incident response best practices and programs would be beneficial.
• A work environment that is conducive to high quality virtual interactions. This includes but is not limited to being able to work from a quiet space with minimal interruptions or distractions, and a strong internet connection.
• A high level of judgment, analytical ability and creativity in investigating problems that require original and innovative solutions.
• Experience working in fast-paced, high-growth, rapidly changing work environments.
What You Get:
• Join one of the most innovative healthcare technology companies in the country.
• Have the autonomy to build something with an enthusiastically supportive team.
• Learn from working at the highest levels and on the most strategic priorities of the company, including from world class investors and advisors.
• Receive competitive compensation, including equity, with health, dental, vision and other benefits.
Belonging at Bamboo
We Care. #BambooHealthValuesCare
Every human being has the right to the best possible healthcare. Our solutions enable healthcare professionals to see and treat every individual as a whole person by providing the right information, at the right time – regardless of physical, behavioral, or social barriers.
We’re a great place to work because we care. We continually seek to learn about our differences and ensure the unique identities and contributions of all employees are welcome, valued and celebrated.
Our commitment to making a positive impact starts by recognizing and leveraging our differences, building inclusive teams, cultivating a sense of belonging, combating biases, and actively removing barriers to equity.
Bamboo Health is proud to be an Equal Employment Opportunity and affirmative action employer.