Senior Security Engineering Business Analyst

We’re changing the way people connect to social care. 
At findhelp, we’ve built a comprehensive platform of products and services that make it easy for you to connect people to resources, follow them on their journey, and track your impact in a fast and reliable way. Our industry-leading social care network includes more than half a million local, state, and national programs that serve every ZIP Code in the country, from rural areas to major metropolitan centers. Findhelp is headquartered in Austin, Texas and has been enabling healthcare, government, education, and other organizations to connect people with the social care resources that serve them, with privacy and security, since 2010.
As a mission driven organization, we are focused on creating a positive impact by connecting people in need to the programs that serve them with dignity and ease. Powered by our proprietary technology that enables people to find the resources available in their area, we have helped millions of Seekers find food, health, housing and employment programs.
As a Senior Security Engineering Business Analyst at findhelp, you will play a key role in the planning and execution of features, enhancements, bugs, and other work done by our Cloud Infrastructure and Security engineering team. This work pertains to work we identify as being necessary as well as that which is required to comply with various compliance regimes such as HITRUST, TXRAMP, and FedRAMP. Wearing the Scrum Product Owner hat, you’ll partner with the R&D, Security, and Compliance teams to guide efficient and secure implementations in our application and infrastructure. You will also play a leading role in collecting and preparing evidence for audits.You will also be on the front lines with our engineering teams reducing our risk by developing, maintaining, and reporting on solutions that improve our security and compliance efforts.

Responsibilities and Duties:

• Partner with R&D Leadership to deliver high-quality, high-value, and secure software solutions
• Provide a clearly-defined, well-organized, prioritized backlog of features, bugs, and other requests for the Cloud Infrastructure and Security team
• Negotiate scope and timelines based on priority, customer needs, existing commitments, and team capacity and availability
• Break large and complex technical projects into smaller, iterative steps to streamline and optimize value delivery
• Write clear, well-scoped, technically sound, and testable technical acceptance criteria and collaborate with the Cloud Infrastructure team to determine the best way to deliver the desired outcomes
• Identify, minimize, and track cross-team dependencies
• Partner with the Security and Compliance teams to ensure we are solving root problems and our solutions are aligned with business priorities and goals
• Foster strong relationships across multiple teams to build consensus and collaboration
• Support our existing HIPAA, HITRUST, TXRAMP, and FedRAMP compliance programs through evidence collection, assessment and report writing, and interaction with vendors, auditors, and customers as well doing gap analyses for future compliance programs
• Drive our independent and internal penetration and vulnerability scanning efforts
• Lead efforts to automate our compliance program to shorten response times
• Conduct regular system audits and continuous monitoring to ensure controls are being adhered to
• Contribute to our efforts to grow at scale,  ensuring we are prepared for rapid growth by anticipating additional technology needs and capacity.

Qualifications:

• 5+ years of compliance experience in the healthcare and/or government sectors, ideally in cloud-based web or SaaS products  
• Broad knowledge of GRC Frameworks:  HITRUST, NIST 800-53, TXRAMP, FedRAMP
• Strong understanding of IT terminology and processes including Engineering & Operations
• Willingness to get your hands dirty doing the detailed work required to translate complex compliance requirements into an Engineering context
• Excellent written and oral communication skills needed to document security requirements for internal audiences and compliance evidence for external audiences 
• Professional certifications from organizations such as ISC2 or ISACA (e.g. CRISC, CGEIT, COBIT, or CISSP) and Google Cloud preferred
• Experience with GCP and cloud-based security tools preferred
• An experienced servant leader helping teams build the best possible solutions for our customers 
• Documented history of getting things done and working tactically on complex solutions
• Deep experience in Agile environment, shipping incremental value directly with engineering

Perks at findhelp •401k & stock options •Free food and onsite gym at our Austin HQ •Paid parental leave•Competitive PTO & 10 paid holidays•Health, dental, and vision insurance•Pet-friendly office with attached dog park at our Austin HQ•24/7 access to telemedicine and counseling•Book Purchasing Program
We’re building a diverse, inclusive team
You’re welcome here. We want everyone to be able to easily connect to the help they need, and we want our teams to reflect and represent our communities. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all Company policies, without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin or ancestry, physical and mental ability, political affiliation, race, religion, creed, sexual orientation, socio-economic status, veteran status, or any other protected class, in accordance with applicable laws. Accommodations are available for applicants with disabilities.
Here are some of the ways we support our staff:•Culture Committee •Leadership Development Training•Paid Volunteering Time