Senior Information Security Analyst - Certifications
Redwood City, CA

Job Description

HeartFlow, Inc. is dedicated to making our products and technologies as secure as possible. The Senior Information Security Analyst reports to the Director, Information Security Governance is a critical role and will be responsible for supporting future and existing compliance initiatives and audits for a fast growing, highly technical Cloud Based SaaS Company. The ideal candidate will have supported compliance programs in a SaaS environment.

This role will collaborate with our Dev/SecOps Automation and other lines of business within HeartFlow to build relationships and trust across the organization. This role is critical in representing HeartFlow's certification and attestation goals to support HeartFlow's rapidly expanding global enterprise customer base in a new frontier of cloud computing. The ideal candidate will have at least 5 years supporting audit compliance programs and at least 3 years of experience in a SaaS environment.

Additionally, this candidate must have experience with 3 of the following: SOC2 Type 2, HIPAA, ISO 27001, NIST 800-53 and FedRAMP. Communication skills will be critical to success. The role requires the candidate to be detail oriented and highly organized with a positive attitude under intense pressure. The ability to take ownership of cross-functional projects and complete them on time and on budget will be crucial to fuel the candidate's and HeartFlow's growth.

Job Responsibilities:

* Work with External Auditors and Assessors to keep current certification and attestations current.
* Improve the efficiency, scalability, and reliability of our security controls.
* Take the lead in obtaining and maintaining new compliance initiatives such as FedRAMP and HITRUST 9.1
* Perform regular compliance audits and mitigate gaps (i.e. keeping policies up-to-date, independently collecting relevant evidence, developing standards and procedures where none are present)
* Create methodologies and procedures for security best practices and regulatory certification
* Maintain documentation of compliance deficiencies, remediation activities and controls
* Produce certification and attestation progress reports on a recurring basis for the CISO and other senior executive leaders
* Other duties as assigned by Director, Information Security Governance and CISO

Skills Needed:

* Experience with managing and supporting an Enterprise Risk Management Lifecycle, Processes and Procedures
* Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate security and risk-related concepts to technical and nontechnical audiences.
* Experience applying general security and risk management concepts to globally deployed cloud-based SaaS platform.
* Proven track record and experience in developing information security policies and procedures, as well as successfully executing programs that meet the objectives of excellence in a dynamic environment.
* Knowledge of common information security management frameworks, such as NIST
* 5+ years supporting audit compliance programs and at least 3+ years of experience in a SaaS environment.
* Must be detail oriented and highly organized
* Poise and ability to act calmly and competently in high-pressure, high-stress situations.
* Experience in thriving in communication and collaboration with diverse audiences and senior leadership.
* Demonstrated capabilities in leadership, innovation, problem solving, influencing, organizing and relationship building.
* Self-starter, positive attitude, ability to work independently, enjoys learning and staying current with industry developments, regulations and best practices.

Preferred Skills and Experience:

* Knowledge and demonstrated experience of relevant legal and regulatory requirements, with at least 3+ years of experience with 3 or more of the following: SOC2 Type 2, HIPAA, ISO 27001, NIST 800-53 and FedRAMP
* Executive level presence and presentation skills
* Experience with a cloud service spanning multiple countries

Educational Requirements & Work Experience:

* Master's Degree and minimum of 2+ years of experience in a similar role
* Bachelor's Degree and minimum of 4+ years of experience in a similar role
* Associate degree and minimum of 7+ years of experience in a similar role

About HeartFlow, Inc.:

HeartFlow, Inc. is a medical technology company redefining the way heart disease is diagnosed and treated. Our non-invasive HeartFlow FFRct Analysis leverages deep learning to create a personalized 3D model of the heart. By using this model, clinicians can better evaluate the impact a blockage has on blood flow and determine the best treatment for patients. Our technology is reflective of our Silicon Valley roots and incorporates decades of scientific evidence with the latest advances in artificial intelligence. The HeartFlow FFRct Analysis is commercially available in the United States, Canada, Europe and Japan. For more information, visit www.heartflow.com.

HeartFlow, Inc. is an Equal Opportunity Employer. This company does not and will not discriminate in employment and personnel practices based on race, sex, age, handicap, religion, national origin or any other basis prohibited by applicable law. Hiring, transferring and promotion practices are performed without regard to the above listed items.