Security Analyst

About Us

At SimplePractice our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed helps them manage their business and practice once theyre up and running and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start grow and maintain a successful private practice.

The Role

SimplePractice is seeking a detail-oriented and proactive Security Analyst to join our growing security team. This role is pivotal in safeguarding our AWS-hosted healthcare SaaS platform ensuring the confidentiality integrity and availability of sensitive health data. The ideal candidate will possess a strong background in defensive security operations regulatory compliance and risk management contributing to our mission of delivering secure and reliable healthcare solutions.

Responsibilities

• Blue Team Operations & Incident Response
  • Monitor security alerts and respond to incidents conducting root cause analyses and implementing corrective actions
  • Collaborate with the security team to develop and refine incident response plans and playbooks
  • Utilize Security Information and Event Management (SIEM) tools to detect and analyze potential threats
  • Perform regular vulnerability assessments and coordinate remediation efforts with relevant teams
  • Conduct threat hunting activities to proactively identify and mitigate potential security risks.
• Governance Risk and Compliance (GRC)
  • Develop implement and maintain security policies standards and procedures in alignment with industry regulations such as HIPAA HITRUST and PCI
  • Conduct risk assessments to identify vulnerabilities and ensure appropriate controls are in place
  • Collaborate with internal stakeholders to ensure compliance with regulatory requirements and internal policies
  • Assist in the preparation and management of documentation for internal and external audits including evidence collection and control mapping
• Third-Party Risk Management
  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors
• Security Awareness & Training
  • Develop and deliver security awareness training programs to educate employees on security best practices and policies
  • Promote a culture of security awareness throughout the organization.
• Security Monitoring & Reporting
  • Generate regular reports on security metrics incidents and compliance status for management review
    Stay informed about emerging threats and vulnerabilities recommending proactive measures to mitigate risks.

Desired Skills & Experience

• Bachelors degree in Information Security Computer Science or a related field
• Minimum of 3 years of experience in security analysis GRC or related roles within a cloud-based environment
• Proficiency in using SIEM tools and conducting security investigations
• Familiarity with regulatory frameworks such as HIPAA HITRUST and PCI
• Experience with risk assessment methodologies and tools
• Understanding of AWS security best practices and Infrastructure as Code (IaC) principles
• Knowledge of vulnerability assessment tools and threat intelligence platforms.
• Strong analytical and problem-solving abilities
• Excellent communication skills capable of articulating complex security concepts to technical and non-technical stakeholders
• Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced agile environment.

Bonus Points

• Relevant certifications such as Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) are highly desirable.

Base Compensation Range

$80000 - $100000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately in determining your pay well consider many factors including but not limited to skills experience qualifications geographic location and other job-related factors.

Benefits

We offer a competitive benefits program including:

• Medical dental vision life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO) wellbeing days paid holidays and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Tuition reimbursement
• Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (SimplePractice or us or we or our). Please note that when you submit your resume or application materials to us for employment purposes you are subject to theSimplePractice California Job Applicant Privacy Notice.

For more information about our privacy practices please contact us at.