Client Security Analyst

Responsibilities:

• Own the end-to-end process for all client and prospect security questionnaires, acting as the central project manager from the initial JIRA ticket to final delivery.
• Review, triage, and assign all questions to the appropriate cross-functional teams (e.g., Engineering, IT, Legal), eliminating ambiguity and coordination burdens from the Client Success Managers (CSMs).
• Collaborate with and track progress from all internal stakeholders, actively managing timelines to ensure responses are accurate and completed within established SLAs.
• Perform final quality assurance (QA) reviews on all completed questionnaires to ensure the document is cohesive, professional, and all questions are answered before client delivery.
• Partner with GRC leadership to develop, document, and refine standardized workflows, creating clear success metrics (e.g., reduced turnaround time).
• Act as the primary point of contact for the Sales and Client Success teams on all security-related inquiries, including escalations for new sales and upsell deals.
• Represent the cybersecurity team on calls with clients and prospects, acting as the expert to address security concerns and build trust.
• Develop, maintain, and promote a "Trust Center" (e.g., using Whistic) by centralizing existing "Go-To-Market Packet" and other documentation to proactively address common security questions.
• Manage the intake process for security reviews of non-standard client agreements, collaborating with Legal to formalize the review of data security and AI clauses.
• Support the Third-Party Risk Management (TPRM) program by helping to manage automated workflows that flag high-risk vendors for GRC review.
• Assist in communicating and enforcing the required Third-Party Security Addendum (TPSA) for new vendors.

Qualifications:

• 3+ years of experience in GRC, risk management, or a security-focused client-facing role.
• Demonstrated experience in project management or process coordination
• Direct experience supporting a fast-paced sales or client success team as a security subject matter expert.
• Proven ability to manage and respond to client/prospect security questionnaires, RFPs, and security assessments.
• Strong understanding of GRC and compliance frameworks, especially HIPAA and SOC 2.
• Exceptional client-facing communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences.
• Comfortable holding cross-functional partners accountable to deadlines.

Preferred Qualifications:

• Bachelor's degree in a related field.
• Experience using JIRA or similar service desk ticketing systems to manage and track workflows.
• Experience using GRC, TPRM, or security questionnaire platforms (e.g., Whistic, Vanta, OneTrust, Loopio, RFPio).
• Experience in the healthcare or health tech industry.
• Relevant certifications (CISM, CRISC, CISA, etc.).

Physical/Cognitive Requirements:

• Capability to remain seated in a stationary position for prolonged periods.
• Eye-hand coordination and manual dexterity to operate keyboard, computer and other office-related equipment.
• Capability to work with leadership, employees, and members in an appropriate manner.