Senior Security and Compliance Analyst

About Certify: At CertifyOS, we're building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem
What sets us apart? Our cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25 years of combined experience building provider data systems at Oscar Health, and we're backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data
But it's not just about the technology; it's about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. We're founded on the principles of trust, transparency, and accountability, and we're not afraid to challenge the status quo at every turn. We're looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure
About the role:
The Senior Security and Compliance Analyst will be responsible for driving security initiatives, managing risk assessments, ensuring compliance with regulatory frameworks, and supporting audits. This role requires a strong background in security governance, risk, and compliance (GRC), along with hands-on experience implementing security controls across cloud and enterprise environments. Security & Risk Management
Perform risk assessments, vendor due diligence, and control gap analysis. Develop and enforce security policies, standards, and procedures. Collaborate with engineering, IT, and business teams to remediate security risks.
Compliance & Audit
Support internal and external audits (System and Organization Controls 2 – SOC 2, International Organization for Standardization – ISO 27001, Health Insurance Portability and Accountability Act – HIPAA, Health Information Trust Alliance – HITRUST, General Data Protection Regulation – GDPR, California Consumer Privacy Act – CCPA).
Maintain evidence repositories and ensure timely submission for audits using tools like Drata (compliance automation platform). Track and close compliance gaps and audit findings.
Governance & Awareness
Monitor and report on compliance posture to management. Conduct security awareness training for employees. Drive third-party risk management activities.
Cloud & Technical Security Work with IT and Cloud teams to implement and validate security controls across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) using security centers (e.g., Google Cloud Security Command Center). Monitor Identity and Access Management (IAM), Data Loss Prevention (DLP), and Security Information and Event Management (SIEM) systems. Review security configurations and provide recommendations for improvement. Manage workflows and remediation tasks via tools like Jira (issue and project tracking). Qualifications Bachelor's degree in Information Security, Computer Science, or related field (or equivalent experience). 5–8 years of experience in information security, risk management, or compliance. Strong knowledge of security frameworks: National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, Center for Internet Security Controls (CIS Controls), SOC 2. Experience with regulatory compliance requirements: HIPAA, GDPR, CCPA, HITRUST. Hands-on experience with security tools (SIEM, DLP, IAM, Cloud Access Security Broker – CASB). Excellent communication and documentation skills.
Relevant certifications preferred: CISSP – Certified Information Systems Security Professional CISA – Certified Information Systems Auditor ISO 27001 LA/LI – ISO 27001 Lead Auditor/Lead Implementer CCSK – Certificate of Cloud Security Knowledge

At Certify, we're committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.

---