Business Information Security Analyst

Information Security Redwood City, California


HeartFlow, Inc. is dedicated to making our products and technologies as secure as possible. The Business Information Security Analyst (“BISA”) reports to the Director, Information Security Governance and serves as a trusted advisor to both the business and Information Security Department. This role will liaise between the HeartFlow lines of business and Information Security Department, keeping clear lines of communication including but not limited to; transparency to the business on upcoming security initiatives, reporting of security risks to the CISO and appropriate  committees, as well as a key player in the information security incident response process, from identifying impact to the business and to consumers, to helping shape remediation, and developing external and internal message points. In addition, this role will work with the Information Security Department to identify enterprise compliance deficiencies with Information Security policies and procedures and manage Information Security policies.

Job Responsibilities

  • Monitor and advise on information security issues related to the systems and workflow to ensure internal security controls are appropriate and operating as intended within the business units
  • Support response to information security incidents for the respective business units
  • Develop and publish business-focused Information Security policies, procedures, standards and guidelines based on knowledge of best practices and regulatory compliance requirements and ensure integration into Enterprise Information Security policy
  • Develop a comprehensive security education and awareness program, using instructor-led, train-the trainer, electronic/web-based, and/or multimedia training methods and formats for our employees, contractors, executives and technical operating personnel.
  • Develop targeted communications to business stakeholders on various security related topics.
  • Provide strategic consulting in all aspects related to cyber security training for organization-wide initiatives and projects. Participate in the design, development and implementation of training programs of a broad organizational scope.
  • Conduct needs assessments to identify and evaluate training requirements.
  • Conduct or facilitate general or specific technology training programs.
  • Develop training materials to include training handbooks, job aids, models, multimedia visual aids, computer and web-based tutorials, and standard operating procedures.
  • Participate in effective training delivery including analysis, implementation, testing and documentation of educational systems.
  • Research and study advancements in educational technologies and methods.
  • Recommend and/or implement innovative solutions, modifications and enhancements to security training and awareness programs.
  • Evaluate effectiveness of training and awareness programs, utilizing appropriate data collection instruments and procedures and adjust as necessary to maximize impact.
  • Consult and partner with corporate training, communications, business, and security teams
  • Coordinate with teams across the organization to ensure that security education and awareness needs are satisfied for all security stakeholders.
  • Perform administrative functions necessary to deliver and document training programs.
  • Coordinate and execute IT security policy, awareness training, security compliance, vulnerability and workflow/procedural remediation for specific business units
  • Conduct security research in keeping abreast of latest security issues
  • Prepare Information Security documentation, including department policies and procedures, company Infosec notifications, web content (for awareness training, etc.), and alerts
  • Perform other related duties as assigned

Skills Needed

  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
  • Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
  • Proven track record and experience in comprehending workflow deficiencies and ability to develop and articulate changes to those workflows to mitigate risk and not adversely impact workflow efficiencies
  • Poise and ability to act calmly and competently in high-pressure, high-stress situations.
  • Experience in thriving in communication and collaboration with diverse audiences and senior leadership.
  • Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.

Preferred Skills and Experience

  • Knowledge of common information security management frameworks, such as NIST.
  • Knowledge and demonstrated experience of relevant legal and regulatory requirements, such as HITRUST, SOC-2, HITECH, HIPAA Privacy & Security and other CMS regulations and guidelines.
  • Executive level presence and presentation skills
  • Experience with a cloud service spanning multiple countries

Educational Requirements & Work Experience:

  • Master’s Degree and minimum of 2+ years of experience in a similar role
  • Bachelor’s Degree and minimum of 4+ years of experience in a similar role
  • Associate degree and minimum of 7+ years of experience in a similar role.

About HeartFlow, Inc.:

HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFlow FFRct Analysis is commercially available in the United States, Canada, Europe and Japan. For more information, visit

HeartFlow, Inc. is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices based on race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.