Senior Security and Compliance Analyst

About Certify : At CertifyOS, we're building the infrastructure that powers the next generation of provider data products, making healthcare more efficient, accessible, and innovative. Our platform is the ultimate source of truth for provider data, offering unparalleled ease and trust while making data easily accessible and actionable for the entire healthcare ecosystem. What sets us apart? Our cutting-edge, API-first, UI-agnostic, end-to-end provider network management platform automates licensing, enrollment, credentialing, and network monitoring like never before. With direct integrations into hundreds of primary sources, we have an unbeatable advantage in enhancing visibility into the entire provider network management process. Plus, our team brings over 25+ years of combined experience building provider data systems at Oscar Health, and we're backed by top-tier VC firms who share our bold vision of creating a one-of-a-kind healthcare cloud that eliminates friction surrounding provider data. But it's not just about the technology; it's about the people behind it. At Certify, we foster a meritocratic environment where every voice is heard, valued, and celebrated. We're founded on the principles of trust, transparency, and accountability, and we're not afraid to challenge the status quo at every turn. We're looking for purpose-driven individuals like you to join us on this exhilarating ride as we redefine healthcare data infrastructure. About the role: The Senior Security and Compliance Analyst will be responsible for driving security initiatives, managing risk assessments, ensuring compliance with regulatory frameworks, and supporting audits. This role requires a strong background in security governance, risk, and compliance (GRC), along with hands-on experience implementing security controls across cloud and enterprise environments. Qualifications Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience). 5–8 years of experience in information security, risk management, or compliance. Strong knowledge of security frameworks: National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), ISO 27001, Center for Internet Security Controls (CIS Controls), SOC 2. Experience with regulatory compliance requirements: HIPAA, GDPR, CCPA, HITRUST. Hands-on experience with security tools (SIEM, DLP, IAM, Cloud Access Security Broker – CASB). Excellent communication and documentation skills. Relevant certifications preferred: CISSP – Certified Information Systems Security Professional CISA – Certified Information Systems Auditor ISO 27001 LA/LI – ISO 27001 Lead Auditor/Lead Implementer CCSK – Certificate of Cloud Security Knowledge Additional Information At Certify, we're committed to creating an inclusive workplace where everyone feels valued and supported. As an equal opportunity employer, we celebrate diversity and warmly invite applicants from all backgrounds to join our vibrant community.