Security and Compliance Analyst
Limeade is a software company that elevates the employee experience and helps build great places to work. The Limeade ONE platform offers employee well-being, engagement, inclusion and communications solutions in one seamless user experience. Recognized for its own award-winning culture, Limeade helps every employee know their company cares.
We’re committed to creating a mission-driven, positive culture of improvement made up of the best and brightest people in the business. And we’ve got the awards to back it up: Puget Sound Business Journal ranked us #1 Best Workplace in Washington, and Seattle Business ranked us one of the top three Best Companies to Work for in Washington State. We’re one of the fastest-growing companies in North America (Deloitte’s Technology Fast 500™), and Fortune magazine recognized us as a Best Workplace for Women. Learn more at www.limeade.com.
About the role:
This is an essential role on the Limeade Information Security Team, working with our customers on security-related concerns and questions. As a Security Analyst you will learn Limeade's security capabilities, communicate them to customers through our RFI/RFP process, and help ensure Limeade's smooth and continuous maintenance of its SSAE 16/ISAE 3402 SOC 2 Type II attestation. This role is positioned to lead our continuous security improvement processes and can be a prominent face of Limeade security.
- Represent Limeade's security posture to our customers
  - Prepare and respond to security concerns from Limeade customers presented through the sales channel as RFP or RFI questionnaires.
  - Build and manage a third-party risk management program, including owning and maintaining Limeade's SIG and SIG Lite documents.
  - Represent Security and R&D in RFP process automation initiatives, with the intent of capturing knowledge from past answers and providing self-help resources to the sales channel.
  - Manage and facilitate calls with customers on specific security concerns.
  - Participate in the development and monitoring of changes to systems, policies, and procedures, and in evaluating the effectiveness of controls and the level of residual risk.
  - Maintain the Limeade Risk Assessment Register and provide quarterly summary reports on risks, controls, and the status of high-risk topics from a business perspective.
- Play a major role in our yearly Limeade security audits (SOC 2 Type II)
  - Prepare, with a strategic approach, the annual audit report in line with the organization's changing processes; describe the framework and approach to the organization, obtain responses from organization management, and review those responses prior to submitting to the Director of IT.
  - Assist the organization with engagement on, and controls specific to, individual organizational teams.
  - Execute the annual audit plan, coordinating efforts with external auditors to avoid unnecessary costs and duplication of effort.
- Provide Limeade employee security training
  - Prepare, enhance, and tailor security training across the organization so that each role has clear guardrails and knows the appropriate actions to take.
  - Integrate training into the Limeade health platform and ensure that mandatory training is completed.
  - Implement KnowBe4 security training programs at Limeade.
- Provide international security guidance
  - Work with internal and external legal entities and Limeade development leadership, including the CTO, to understand international regulations and standards, including GDPR, ISO 2700x, Safe Harbor, and Privacy Shield, and their impact on Limeade's business capabilities.
- Provide guidance for compliance
  - Develop policies and procedures to ensure compliance.
  - Serve as a member of the Security Steering Committee and propose changes to this committee.
  - Respond to privacy inquiries.
About you:
- Ability to demonstrate our values in an ongoing and consistent way
- Security certification(s), such as Security+, CCSK, CIPP, CCSP, CISM, and/or CISSP
- Excellent written and speaking abilities to educate people with non-technical and non-security backgrounds on security and compliance principles
- Understanding of HIPAA and how it applies to SaaS companies handling health data in the health care sector
- Strong knowledge of third-party risk and vendor relationship management
- 2+ years of security audit and/or risk/compliance experience
- Able to manage larger projects, such as a SOC 2 audit
- Understanding of defense in depth and the ability to recommend products and services that meet Limeade's security and privacy obligations under HIPAA and GDPR
Limeade provides equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, pregnancy, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Limeade will provide reasonable accommodations for qualified individuals with disabilities.