Security Analyst Remote - United States - SimplePractice : Job Details

Santa Monica, California (Open to Remote)

About Us

At SimplePractice, our team is dedicated to improving the health and wellness industry by building a suite of innovative solutions for practitioners and their clients. Our product supports practitioners on their clinical journey to becoming licensed, helps them manage their business and practice once theyre up and running, and enables new clients to discover and interact with practitioners. Taking a practitioner-first approach in everything we do makes it possible for health and wellness practitioners to devote more time to their clients while they use SimplePractice to start, grow, and maintain a successful private practice.

The Role

SimplePractice is seeking a detail-oriented and proactive Security Analyst to join our growing security team. This role is pivotal in safeguarding our AWS-hosted healthcare SaaS platform, ensuring the confidentiality, integrity, and availability of sensitive health data. The ideal candidate will possess a strong background in defensive security operations, regulatory compliance, and risk management, contributing to our mission of delivering secure and reliable healthcare solutions.

Responsibilities

• Blue Team Operations & Incident Response
  • Monitor security alerts and respond to incidents, conducting root cause analyses and implementing corrective actions
  • Collaborate with the security team to develop and refine incident response plans and playbooks
  • Utilize Security Information and Event Management (SIEM) tools to detect and analyze potential threats
  • Perform regular vulnerability assessments and coordinate remediation efforts with relevant teams
  • Conduct threat hunting activities to proactively identify and mitigate potential security risks.
• Governance, Risk, and Compliance (GRC)
  • Develop, implement, and maintain security policies, standards, and procedures in alignment with industry regulations such as HIPAA, HITRUST, and PCI
  • Conduct risk assessments to identify vulnerabilities and ensure appropriate controls are in place
  • Collaborate with internal stakeholders to ensure compliance with regulatory requirements and internal policies
  • Assist in the preparation and management of documentation for internal and external audits, including evidence collection and control mapping
• Third-Party Risk Management
  • Assess and monitor third-party vendors to ensure they meet security and compliance requirements
  • Work closely with procurement and legal teams to incorporate security considerations into vendor contracts
  • Maintain an up-to-date inventory of third-party vendors and their associated risk profiles
  • Utilize security ratings services to continuously evaluate the security posture of third-party vendors
• Security Awareness & Training
  • Develop and deliver security awareness training programs to educate employees on security best practices and policies
  • Promote a culture of security awareness throughout the organization.
• Security Monitoring & Reporting
  • Generate regular reports on security metrics, incidents, and compliance status for management review Stay informed about emerging threats and vulnerabilities, recommending proactive measures to mitigate risks.

Desired Skills & Experience

• Bachelors degree in Information Security, Computer Science, or a related field
• Minimum of 3 years of experience in security analysis, GRC, or related roles within a cloud-based environment
• Proficiency in using SIEM tools and conducting security investigations
• Familiarity with regulatory frameworks such as HIPAA, HITRUST, and PCI
• Experience with risk assessment methodologies and tools
• Understanding of AWS security best practices and Infrastructure as Code (IaC) principles
• Knowledge of vulnerability assessment tools and threat intelligence platforms.
• Strong analytical and problem-solving abilities
• Excellent communication skills, capable of articulating complex security concepts to technical and non-technical stakeholders
• Proven ability to work collaboratively in cross-functional teams and adapt to a fast-paced, agile environment.

Bonus Points

• Relevant certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) are highly desirable.

Base Compensation Range

$80,000 - $100,000 annually

Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.

The above represents the expected base compensation range for this job requisition. Ultimately, in determining your pay, well consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.

We offer a competitive benefits program including:

• Medical, dental, vision, life & disability insurance
• 401(k) plan with company match
• Flexible Time Off (FTO), wellbeing days, paid holidays, and summer Fridays
• Mental health resources
• Paid parental leave & Backup Care
• Employee Resource Groups (ERGs)

California Job Applicant Privacy Notice

Thank you for your interest in opportunities at SimplePractice LLC (SimplePractice or us or we or our). Please note that when you submit your resume or application materials to us for employment purposes, you are subject to theSimplePractice California Job Applicant Privacy Notice .

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile

What are your salary expectations? *

Do you need visa sponsorship to work in the US? * Select...

We are serious about our dedication to building a diverse workplace, where our employees can bring their best selves to work in order to learn, thrive, and do great things together. In recent years, weve doubled down on our commitments to ensuring we are a values-driven culture supported by strong individuals and leaders. This commitment extends to hiring, where we have set high standards for ourselves to run a positive and inclusive process.

To help us recruit and hire in a way that is respectful of all candidates, we invite you to anonymously self-identify about gender, sexual orientation, race/ethnicity, veteran status, and disabilities.Any information provided is completely voluntary, anonymous, and analyzed in aggregate by a small group on our People & Talent team.

If you prefer not to participate, thats fine. However, we hope that you will choose to answer so we can gather as much data as possible, and use it to continue making a vibrant, diverse, and special place to work.

The legal stuff: All individuals that are seeking employment are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, pregnancy, veteran status, gender identity, gender expression, or sexual orientation.

Gender Identity Select...

Select...

LGBTQIA+ Identity Select...

Race/Ethnicity (please mark all that apply) Select...

Select...

I have a disability (physical or non-physical) Select...

Free 30-day trial. No contracts. Change anytime. Tax deductible.

By entering your email address, you are opting-in to receive emails from SimplePractice on its various products, solutions, and/or offerings. Unsubscribe anytime.