Senior Analyst, Security Compliance (HIPAA)

TL;DR

Senior Analyst, Security Compliance (HIPAA): Overseeing the HIPAA Security Compliance program and acting as a trusted advisor to Product and Engineering teams. Focus on reducing organizational risk through gap assessments and building executive-level dashboards that communicate risk burndown and the strategic value of the Compliance team.

Location: Remote - Ontario, British Columbia or Alberta, Canada.

Salary: $99,760 - $124,700

Company

At hirify.global, we’re shaping the future of communications, all from the comfort of our homes.

What you will do

• Orchestrate complex security compliance initiatives, ensuring adherence to project milestones and alignment with organizational OKRs.
• Proactively identify and neutralize project bottlenecks.
• Lead comprehensive HIPAA Security Rule assessments to determine organizational readiness for HIPAA eligibility.
• Govern remediation workflows, ensuring that security gaps are closed in alignment with product release timelines and the broader risk appetite of the business.
• Help build scalable security control frameworks and continuous monitoring programs.
• Partner with Product and Engineering to advise on "Security by Design" principles.

Requirements

• 5+ years of Security Compliance, Audit, or Risk Management experience, ideally working with internal or external customers to ensure products are HIPAA compliant / eligible. This can be complemented by experience working with security-centric risk management or compliance frameworks such as ISO/IEC 27001, PCI DSS, SOC2, FedRAMP, NIST 800-53, etc.
• 2+ years of working with technical security and Engineering / IT to implement technical control solutions (preferably within code deployment pipelines and public cloud solutions).
• 2+ years of project management experience in security or another technical field.
• Ability to work in a dynamic, fast-paced environment that requires constant prioritization.
• Demonstrate strong verbal and written communication skills, and ability to translate complex technical or security requirements or risks into business language that can be understood by various audiences.
• Ability to think critically and solve problems, create win-win solutions.

Nice to have

• Experience and familiarity with cloud security techniques and working with public cloud solutions including but not limited to AWS and GCP.
• Experience and familiarity with securing code deployment pipelines and Infrastructure as Code (IaC).
• CISA, CISM, GIAC, CISSP or other Information Security related certification is highly preferred.

Culture & Benefits

• Competitive pay.
• Generous time off.
• Ample parental and wellness leave.
• Healthcare.
• A retirement savings program.