Senior Security Compliance Analyst
Company: OneStudyTeam
Location: Boston
Posted on: February 19, 2026
Job Description:

At OneStudyTeam (a Reify Health company), we specialize in speeding up clinical trials and increasing the chance of new therapies being approved with the ultimate goal of improving patient outcomes. Our cloud-based platform, StudyTeam, brings research site workflows online and enables sites, sponsors, and other key stakeholders to work together more effectively. StudyTeam is trusted by the largest global biopharmaceutical companies, used in over 6,000 research sites, and is available in over 100 countries. Join us in our mission to advance clinical research and improve patient care. One mission. One team. That's OneStudyTeam.

We are seeking a Senior Security Compliance Analyst with expertise in Governance, Risk, and Compliance (GRC) to support and enhance our security and compliance programs within the healthcare industry. This role is critical in ensuring adherence to industry regulations, responding to customer audits, and maintaining compliance with ISO 27001, HIPAA, and other security frameworks. The ideal candidate will be a detail-oriented compliance expert who can navigate complex regulatory environments, assist with internal/external audits, and drive continuous improvement in security governance. The ideal candidate must be able to operate independently while delivering on the following duties.

What You'll Be Working On:

- Lead and support customer security audits, responding to security questionnaires and demonstrating compliance with security frameworks.
- Prepare, coordinate, and manage ISO 27001 audits, including evidence collection, control implementation, and auditor engagement.
- Ensure ongoing compliance with HIPAA, NIST CSF, and other regulatory requirements applicable to healthcare data security.
- Develop and maintain policies, procedures, and security documentation to meet regulatory and contractual obligations.
- Perform gap analyses and risk assessments to identify and remediate compliance risks.
- Manage and improve security governance frameworks, ensuring alignment with industry best practices and business objectives.
- Conduct third-party vendor risk assessments, ensuring compliance with security policies and contractual obligations.
- Monitor security controls, ensuring effectiveness and continuous improvement in alignment with security frameworks.
- Support security awareness training initiatives, ensuring employees understand compliance responsibilities.
- Stay current on ISO 27001, HIPAA, NIST 800-53, and other relevant standards, translating them into actionable security controls.
- Assist in defining security metrics and reporting on compliance status and risk posture to leadership.
- Work closely with legal, security, IT, and business teams to align compliance requirements with security operations.

What You'll Bring to OneStudyTeam:

- Bachelor's degree in Information Security, Computer Science, Risk Management, or related field (or equivalent experience).
- 8 years of progressive experience in GRC, compliance, or security audit roles.
- Experience in healthcare or regulated industries strongly preferred.
- Certifications strongly preferred: ISO 27001 Lead Auditor/Implementer, CISSP, CISM, CISA, HITRUST CCSFP, CRISC.
- Experience leading ISO 27001, SOC 2, or HITRUST audits, including ISMS implementation and external audit coordination.
- Strong understanding of NIST CSF, SOC 2, GDPR, and other security frameworks.
- Hands-on experience with customer security audits, including responding to security questionnaires and managing security assessments.
- Ability to perform risk assessments, policy reviews, and compliance gap analyses.
- Strong written and verbal communication skills, with the ability to explain technical concepts to non-technical stakeholders.
- Detail-oriented with excellent organizational and project management skills.
- Ability to work independently and collaboratively in a remote environment.
- Familiarity with GRC tools (e.g., OneTrust, LogicGate, Archer, Vanta, Drata) is a plus.

We value diversity and believe the unique contributions each of us brings drive our success. We do not discriminate on the basis of race, sex, religion, color, national origin, gender identity, age, marital status, veteran status, or disability status.

Note: OneStudyTeam is unable to sponsor work visas at this time. If you are a non-U.S. resident applicant, please note that OneStudyTeam works with a Professional Employer Organization. As a condition of employment, you will abide by all organizational security and privacy policies. This organization participates in E-Verify (E-Verify's Right to Work guidance can be found here).

Mandatory Employer Disclosures:

- Notice to Illinois applicants: Applicants are not obligated to disclose expunged juvenile records or adjudication, arrest, or conviction.
- Notice to Connecticut applicants: OneStudyTeam may require applicants to submit to a urinalysis drug test in connection with an application for employment.
- Notice to Arizona, Georgia, Indiana, and North Dakota applicants: OneStudyTeam complies with applicable laws prohibiting smoking in and around places of employment.
- Notice to Massachusetts applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.
- Notice to Rhode Island applicants: OneStudyTeam complies with Rhode Island law prohibiting smoking in enclosed areas within places of employment. OneStudyTeam is also subject to Chapters 29–38 of Title 28 of the Rhode Island General Laws.
- Notice to Maryland applicants: UNDER MARYLAND LAW, AN EMPLOYER MAY NOT REQUIRE OR DEMAND, AS A CONDITION OF EMPLOYMENT, PROSPECTIVE EMPLOYMENT, OR CONTINUED EMPLOYMENT, THAT AN INDIVIDUAL SUBMIT TO OR TAKE A LIE DETECTOR OR SIMILAR TEST. AN EMPLOYER WHO VIOLATES THIS LAW IS GUILTY OF A MISDEMEANOR AND SUBJECT TO A FINE NOT EXCEEDING $100.
Keywords: OneStudyTeam, Woonsocket, Senior Security Compliance Analyst, IT / Software / Systems, Boston, Rhode Island