Posted: 2 weeks ago
Remote
Full Time
About the Role

We are looking for an experienced Cybersecurity Risk & Compliance Analyst to proactively address and manage the risks posed by increasingly sophisticated cyber threats. This role aims to strengthen our overall security posture, ensure we meet compliance obligations (like SOC2, HITRUST, PCI DSS), and reduce our risk exposure by shifting towards more proactive measures.

Your Area of Focus

Threat & Vulnerability Management:
- Systematically scan our systems/applications for vulnerabilities.
- Analyze findings and prioritize risks based on impact.
- Maintain crucial asset inventories (including SBOM/HBOM).
- Collaborate closely with IT/DevOps to track and ensure timely remediation of vulnerabilities (patching, configuration changes).

Manage Third-Party Penetration Testing Partners:
- Develop and maintain a process for ensuring testing coverage for in-scope systems.
- Collaborate with internal engineering and product teams to define the scope for each penetration test.
- Once a vulnerability has been remediated, coordinate with the penetration testing partner to perform retesting and validate the effectiveness of the fix.

Governance, Risk & Compliance (GRC) Support:
- Manage evidence gathering and preparation for audits (SOC2, HITRUST, PCI DSS, etc.). Reduce audit burden on technical teams.
- Assist in developing and maintaining security policies and standards relevant to our operations.
- Track compliance status and identify gaps.

Risk Management:
- Conduct regular risk assessments to find potential security weaknesses and control gaps.
- Maintain a risk register and track mitigation efforts.
- Monitor emerging technology risks (e.g., GenAI) and assess their potential impact on our environment. Ensure we stay ahead of new threat vectors.

Security Support & Guidance:
- Serve as a point of contact for security-related questions and provide guidance on best practices.
- Support incident investigations and customer security inquiries/audits.

Your Professional Qualifications

- Solid experience (3 years) in cybersecurity, specifically focusing on risk management and compliance.
- Strong understanding of vulnerability management and risk assessment methodologies (NIST RMF, ISO 27001).
- Experience with compliance frameworks (SOC2, HITRUST, PCI DSS mandatory).
- Excellent analytical skills and ability to collaborate effectively across teams (especially IT/DevOps).

Perks & Benefits

Healimpilo offers best-in-market perks and benefits to its employees. Healimpilo is an equal opportunity employer. All applicants will be considered for employment without attention to age, race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Oataik Technologies