Collective Health
Lead Security Analyst - GRC
Collective Health, San Francisco, California, United States, 94199
At Collective Health, we’re transforming how employers and their people engage with their health benefits by seamlessly integrating cutting-edge technology, compassionate service, and world-class user experience design.
You’ll lead initiatives that address the company’s—and some of our industry’s—most sophisticated and meaningful security engineering challenges. You will build relationships across all parts of the business and drive multi-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment.
What You'll Do
Governance & Compliance:
Evaluate and implement security controls based on frameworks such as NIST, CIS, HIPAA, SOC 2, and HITRUST. Develop and maintain policies, procedures, and documentation (controls, narratives, matrices). Lead SOC 2 and HITRUST audit engagements, from audit planning through remediation. Coordinate and monitor third-party risk assessments and compliance reviews. Own and lead BCP (Business Continuity Planning) and BIA (Business Impact Assessments) efforts. Build and maintain security risk registry.
Audit & Risk Management
Perform audit readiness assessments, and support internal/external audits. Partner with external auditors, control owners, and leadership to minimize business disruption. Track and drive remediation plans based on audit findings and compliance gaps. Maintain and communicate exception documentation for policy deviations. Educate and guide control/risk owners on their responsibilities.
Advisory & Communication
Act as a liaison between technical and non-technical stakeholders. Respond to security questionnaires, RFIs, and client compliance inquiries. Develop and deliver security awareness and training programs. Provide executive reporting on program status, risks, and overall health.
Required
To be successful in this role, you'll need:
8+ years in cybersecurity, GRC, audit, or risk/compliance roles. Experience managing SOC 2 / HITRUST audits, especially in cloud-native environments. Strong working knowledge of security frameworks and regulatory requirements. Demonstrated policy, data management, and risk mitigation capabilities. Familiarity with GRC tools and audit processes. Excellent communication and cross-functional collaboration skills.
Preferred (Nice To Haves)
Big 4 accounting firm background. Professional certifications: CISSP, CISA, CRISC, CISM, or similar.
Pay Transparency Statement
This is a hybrid position based out of one of our offices: San Francisco, CA, Plano, TX, or Lehi, UT. Hybrid employees are expected to be in the office two days per week.
The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at https://jobs.collectivehealth.com/benefits/.
San Francisco, CA Pay Range
$168,000—$210,000 USD
Lehi, UT Pay Range
$134,500—$168,000 USD
Plano, TX Pay Range
$147,800—$185,500 USD
Why Join Us?
- Mission-driven culture that values innovation, collaboration, and a commitment to excellence in healthcare
- Impactful projects that shape the future of our organization
- Opportunities for professional development through internal mobility opportunities, mentorship programs, and courses tailored to your interests
- Flexible work arrangements and a supportive work-life balance
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Collective Health is committed to providing support to candidates who require reasonable accommodation during the interview process. If you need assistance, please contact recruiting-accommodations@collectivehealth.com.
Privacy Notice
For more information about why we need your data and how we use it, please see our privacy policy: https://collectivehealth.com/privacy-policy/.
Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Hospitals and Health Care