[Remote] Client Security Analyst

Note: The job is a remote job and is open to candidates in USA. Included Health is a new kind of healthcare company focused on delivering integrated virtual care and navigation. The Client Security Analyst will manage the client security review process, acting as the primary contact for security questionnaires and collaborating with various teams to ensure timely and accurate responses.

Responsibilities

• Own the end-to-end process for all client and prospect security questionnaires, acting as the central project manager from the initial JIRA ticket to final delivery
• Review, triage, and assign all questions to the appropriate cross-functional teams (e.g., Engineering, IT, Legal), eliminating ambiguity and coordination burdens from the Client Success Managers (CSMs)
• Collaborate with and track progress from all internal stakeholders, actively managing timelines to ensure responses are accurate and completed within established SLAs
• Perform final quality assurance (QA) reviews on all completed questionnaires to ensure the document is cohesive, professional, and all questions are answered before client delivery
• Partner with GRC leadership to develop, document, and refine standardized workflows, creating clear success metrics (e.g., reduced turnaround time)
• Act as the primary point of contact for the Sales and Client Success teams on all security-related inquiries, including escalations for new sales and upsell deals
• Represent the cybersecurity team on calls with clients and prospects, acting as the expert to address security concerns and build trust
• Develop, maintain, and promote a "Trust Center" (e.g., using Whistic) by centralizing existing "Go-To-Market Packet" and other documentation to proactively address common security questions
• Manage the intake process for security reviews of non-standard client agreements, collaborating with Legal to formalize the review of data security and AI clauses
• Support the Third-Party Risk Management (TPRM) program by helping to manage automated workflows that flag high-risk vendors for GRC review
• Assist in communicating and enforcing the required Third-Party Security Addendum (TPSA) for new vendors

Skills

• 3+ years of experience in GRC, risk management, or a security-focused client-facing role
• Demonstrated experience in project management or process coordination
• Direct experience supporting a fast-paced sales or client success team as a security subject matter expert
• Proven ability to manage and respond to client/prospect security questionnaires, RFPs, and security assessments
• Strong understanding of GRC and compliance frameworks, especially HIPAA and SOC 2
• Exceptional client-facing communication skills, with the ability to explain complex security concepts to both technical and non-technical audiences
• Comfortable holding cross-functional partners accountable to deadlines
• Bachelor's degree in a related field
• Experience using JIRA or similar service desk ticketing systems to manage and track workflows
• Experience using GRC, TPRM, or security questionnaire platforms (e.g., Whistic, Vanta, OneTrust, Loopio, RFPio)
• Experience in the healthcare or health tech industry
• Relevant certifications (CISM, CRISC, CISA, etc.)

Benefits

• Remote-first culture
• 401(k) savings plan through Fidelity
• Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
• Paid Time Off ("PTO") and Discretionary Time Off (“DTO”)
• 12 weeks of 100% Paid Parental leave
• Family Building & Compassionate Leave: Fertility coverage, $25,000 for surrogacy/adoption, and paid leave for failed treatments, adoption or pregnancies.
• Work-From-Home reimbursement to support team collaboration home office work

Company Overview

• Included Health provides a combination of virtual care, navigation, and communities-based healthcare services. It was founded in 2011, and is headquartered in San Francisco, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.includedhealth.com.

Company H1B Sponsorship

• Included Health has a track record of offering H1B sponsorships, with 12 in 2025, 9 in 2024, 8 in 2023, 6 in 2022. Please note that this does not guarantee sponsorship for this specific role.

Apply tot his job Apply To this Job