Senior Information Security Analyst - Governance
HeartFlow, Inc. is dedicated to making our products and technologies as secure as possible. The Senior Information Security Analyst reports to the Director, Information Security Governance and primarily serves as a risk assessor for incoming and existing products, solutions, services and vendors. This role also responds to end user security support requests, assists with access control requests and will play a key role in proactively identifying and providing requirements to mitigate enterprise risks prior to onboarding new, adding feature enhancements, and/or allowing updates. This role will also chair the change review board and assist the Business Information Security Analyst with the Information Security Training and Awareness program.
- Evaluate requests for exception to established security policies, guidelines and standards.
- Document findings associated with all exception requests and review on a recurring basis for continued necessity
- Perform information security reviews of vendor software, solutions and services to assess risk imposed and compliance levels against regulatory (HIPAA, PCI, etc.), department policies, guidelines and standards
- Provide risk reduction\mitigation options where possible for all requested security review and exceptions. Track and ensure requestor compliance with mandated-options provided
- Document all approved reviews and audit on a recurring basis for continued necessity
- Develop and mature the change management strategy, team charter, and execution plan that supports goals, maximizes employee adoption and usage and minimizes resistance
- Chairs change management meetings assuring all requirements and open concerns have been mitigated prior to implementation
- Tracks disposition of all change requests
- Provide support to training and awareness initiatives, including but not limited to phish-testing, lunch and learn logistical support, etc.
- Establish a security review and exception process which includes accomplishing periodic review and renewal or denial of existing reviews and exceptions
- Respond to end user security support requests; monitor security inbox, follow up on support requests through to completion
- Assist the Business Information Security Analyst with the Information Security Training and Awareness program as required
- Ability to analyze and prioritize vulnerabilities to appropriately characterize threats and provide remediation advice.
- Experience running a change management function
- Ability to understand information security and information technology risks associated with vulnerability testing, patch management, and secure configuration management.
- Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments
- Thorough understanding of network defense technologies, TCP/IP networking, Active Directory, DHCP, DNS, network security monitoring tools, secure engineering principles and technical security testing
- Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security/risk-related concepts to technical and nontechnical audiences.
- Proven track record and experience in risk assessment, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
- Proven track record and experience in comprehending workflow deficiencies and ability to develop and articulate changes to those workflows to mitigate risk and not adversely impact workflow efficiencies
- Poise and ability to act calmly and competently in high-pressure, high-stress situations.
- Experience in thriving in communication and collaboration with diverse audiences and senior leadership.
- Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
- Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.
Preferred Skills and Experience
- Knowledge of common information security management frameworks, such as NIST.
- Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.
- Executive level presence and presentation skills
- Experience with a cloud service spanning multiple countries
Educational Requirements & Work Experience:
- Master’s Degree and minimum of 2+ years of experience in a similar role
- Bachelor’s Degree and minimum of 4+ years of experience in a similar role
- Associate degree and minimum of 7+ years of experience in a similar role
About HeartFlow, Inc.:
HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFlow FFRct Analysis is commercially available in the United States, Canada, Europe and Japan. For more information, visit www.heartflow.com.
HeartFlow, Inc. is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices based on race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.