Information Security Compliance Analyst
What We Do:
Florence (florencehc.com) software reduces the time it takes to deliver medical cures to those who need them. Our industry-leading software is used to streamline clinical trials at over 8,500 research sites, sponsors, and CROs across 35 countries.
Florence was recognized as the Biggest Impact Company, a Top 10 Innovative Company in Georgia by the Technology Association of Georgia in 2021, and most recently No. 31 on the Fortune list of Best Small Workplaces 2021.
As part of Florence's Information Security Program, we are building our security team to ensure we continually reduce risk and align our security efforts with industry standards and best practices.
What You’ll Bring to The Team:
We seek a passionate Information Security Compliance Analyst to help build and enhance our Information Security audit capabilities with a focus on the SOC 2 Type II audit. As part of a growing Information Security team within Florence, you will play a vital role in the initiatives to reduce security risk and achieve and maintain compliance with security frameworks including the SOC 2.
You will:
- Drive SOC 2 audit and other security audit related activities by collecting and providing evidence, communicating with stakeholders, and coordinating and participating in audit meetings.
- Support the team in performing vendor risk assessments, contract reviews, and SOC/SSAE18 reviews
- Support the completion of third-party security questionnaires.
- Assist with the development and documentation of security policies and procedures necessary to mitigate risk and align with industry standards, regulations, and best practices.
- Act as an SME who helps staff, process owners, and control owners interpret policies and compliance requirements
- Manage and maintain the security awareness training and testing program
- Participate in the identification, creation, and/or collection of reporting metrics
- Participate in the development and maintenance of the Information Security risk register
- Develop strong and meaningful relationships across all departments of the organization
An Ideal Candidate has:
- Bachelor's degree from an accredited university and a minimum of 5 years of related professional experience.
- General knowledge of compliance, risk, and security.
- Experience leading SOC 2 audits or equivalent.
- Ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff, security vendors, consultants, and senior management.
- Ability to thrive in a fast-paced, technical, and mission-focused environment.
- Ability to multi-task and track many simultaneous initiatives.
- Must be tactful, detail-oriented, and able to comprehend technical and regulatory requirements.
Bonus Points if you have:
- Experience testing or auditing technical controls
- Experience in IT and/or Information Security technologies
- Experience performing risk assessments
- Familiarity with security frameworks such as NIST CSF, NIST 800-53, ISO 27001, CIS Controls
- Supporting certifications (e.g., CISA, CRISC, CISSP)
- Understanding of regulatory requirements such as HIPAA, GDPR, CCPA
What’s in it for you?
- Do well. We offer an exceptional salary, an education budget, and private health insurance
- Do good. We insist that health technology is the highest calling for software development. We pride ourselves on working on something bigger than ourselves: helping advance cures and therapies
- Enjoy. Our office is in Atlanta with remote work options
Florence Healthcare supports workplace diversity and does not discriminate on the basis of race, color, religion, gender identity or expression, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, physical disability, or any other protected class.