Zus is a shared health data platform designed to accelerate healthcare data interoperability by providing easy-to-use patient data via API, embedded components, and direct EHR integrations. Founded in 2021 by Jonathan Bush, co-founder and former CEO of athenahealth, Zus partners with HIEs and other data networks to aggregate patient clinical history and then translates that history into user-friendly information at the point of care. Zus's mission is to catalyze healthcare's greatest inventors by maximizing the value of patient insights, so that they can build up, not around.
What we're looking for
We are looking for an InfoSec Compliance Analyst to support and mature our InfoSec and Compliance programs. This role is perfect for someone who is process-driven, organized, and curious, with an eye for documentation, systems, and continuous improvement. You'll be a critical partner in maintaining and enhancing our security practices, with opportunities to grow deeper into the Risk and InfoSec management space (e.g. AWS, DevOps, and security infrastructure) over time.
You'll report to our Manager of InfoSec and collaborate cross-functionally with IT, Engineering, Legal, People Ops, and other teams to keep our security, privacy, and compliance programs running smoothly and effectively.
As part of our team you will be responsible for
Risk and Compliance Management
Maintaining and monitoring SOC 2 controls, tests, and evidence, and assisting with the coordination of any required remediation or documentation generation.
Proactively identifying, raising, and documenting risks as part of our ongoing Risk Management program.
Performing access reviews across Zus's identity provider (Okta), customer environments, SaaS tools, and Google Workspace.
Operational Security Stewardship
Performing the security review portion of new software acquisitions or purchase requests within Zus.
Managing Vendor Review and Third-Party Risk Management (TPRM) workflows.
Leading the configuration, maintenance, and reporting for security awareness and anti-phishing campaigns.
InfoSec Planning and Program Coordination
Operating the master InfoSec program schedule, ensuring all annual and quarterly security activities are completed on time and documented thoroughly, and that the compliance artifacts are generated and securely stored.
Planning, coordinating, and publishing materials for scheduled activities such as postmortems, incident debriefs, and tabletop exercises.
Driving annual compliance activities such as Disaster Recovery tests, Incident Response tests, network reviews, penetration tests, risk assessments, and customer SSO credential rotations.
Coordinating quarterly compliance reviews in partnership with Legal and other stakeholders.
Process Improvement
Helping prioritize and track incident postmortem follow-up actions.
Contributing to implementation work related to configuration-as-code and GitOps workflows.
Maintaining data hygiene for sensitive customer data (PHI) in shared environments (e.g. Google Drive monitoring and cleanup).
Youre a good fit because you have
Organized, detail-oriented, and accountable: you take pride in running a tight ship.
Strong project and documentation skills: you can wrangle chaos into a crisp Confluence page and clearly defined Jira tickets.
Familiarity with SIEM tools.
Fast and effective: you know how to move things forward without overcomplicating them.
A self-starter attitude that shows that you are ready for the fast and sometimes unstructured nature of an early startup.
It would be great if you had
Interest in growing into AWS, DevOps, and security infrastructure concepts; you don't need to be a developer, but you're curious and eager to learn.
Previous experience supporting SOC 2 audits or other security frameworks (HIPAA, ISO 27001, HITRUST, etc.).
Exposure to tools like GitHub, Jira, GSuite Admin, TrustCloud, or AWS IAM is a plus.
Basic knowledge of infrastructure-as-code and configuration-as-code as well as CI/CD processes.
CISA certification.
$75,000 - $95,000 a year
This role is based in Boston with a hybrid schedule, where you'll be expected to work in the office a few days per week. We're located at 1 Lincoln St.
We will offer you
Competitive compensation that reflects the value you bring to the team: a combination of cash and equity.
Robust benefits that include health insurance, wellness benefits, 401k with a match, and unlimited PTO.
Opportunity to work alongside a passionate team that is determined to help change the world (and have fun doing it)
Please Note: Research shows that candidates from underrepresented backgrounds often don't apply unless they meet 100% of the job criteria. While we have worked to consolidate the minimum qualifications for each role, we aren't looking for someone who checks each box on a page; we're looking for active learners and people who care about disrupting the current healthcare system with their unique experiences.
We do not conduct interviews by text, nor will we send you a job offer unless you've interviewed with multiple people, including the Director of People & Talent, over video interviews. Job scams do exist, so please be careful with your personal information.