Information Security Analyst at Wellframe

| Greater Boston Area
Sorry, this job was removed at 11:11 a.m. (EST) on Tuesday, June 16, 2020
Find out who's hiring in Boston.
See all Operations jobs in Boston
If you or a loved one has ever experienced a major medical event, you know how overwhelming it is to process the flood of information that follows—whether it’s hastily delivered guidance from your doctor, or a pile of paperwork on managing your recovery. And once you get home, it can feel impossible to know where to start, or how to stay on track to reach your health goals.
At Wellframe, we’re helping healthcare organizations fill this gap, so people can get the holistic resources and support they need to feel their best, outside traditional care delivery settings. Through our patented platform, Wellframe translates evidence-based, peer-reviewed guidelines and literature into an interactive daily checklist delivered to patients through the Wellframe mobile app. As patients engage with the Wellframe app, their data is shared in real time with their care team through the care team dashboard, which utilizes advanced algorithms to generate early intervention alerts. With secure two-way messaging, Wellframe facilitates long-term, trusted relationships between patients and care teams.
The Security and IT teams are responsible for protecting company resources, as well as enabling users to work efficiently with technology solutions and hardware.
This role is responsible for the security compliance program for organizational applications and infrastructure. This role ensures compliance with internal security requirements in key IT areas, including performing security assessments and on-going evaluations for organizational compliance and risk management frameworks; e.g., SOC 2, HIPAA, HITRUST, ISO/IEC 27001, NIST, FedRAMP, etc., reviewing enterprise agreements related to information systems and/or architecture, responding to security questionnaires, administering information security policies and procedures, performing risk assessments, and assisting with business continuity and disaster recovery plans.
Areas of Responsibility:

Assessment and Analysis

  • Assist with administration, management, and reporting for security assessments and on-going monitoring activities; e.g., SOC 2 Type II, NIST, ISO/IEC 27001, HIPAA, GDPR, etc.
  • Perform security control assessments using applicable frameworks and projects to fulfill resulting corrective action plans
  • Work with external auditors to complete company audits
  • Work closely with the Legal & Privacy team on regulatory compliance requirements
  • Perform assessments on prospective and current vendors
  • Provide responses to security questionnaires supporting due diligence and risk management activities for existing and/or prospective customers

Security and Technical Operations

  • Develop, document, and disseminate professionally written reports and visual presentations to all staff levels; e.g., executive staff, program managers, technical teams, etc., about security assessment conclusions, recommendations, and remediation strategies
  • Assist in managing automated technical solutions, as well as manual procedures, to document and manage risks to organizational information assets and resources
  • Test information security controls, across multiple business processes and/or locations, ensuring implementation techniques meet the intent of organizational compliance frameworks and security requirements
  • Update policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
  • Maintain detailed records and reports
  • Review industry-accepted sources of information to stay ‘up-to-date’ on information security principles and standards related to new business IT strategies or development of information systems
  • Review proposed changes to information systems and provide approval/disapproval with explicit consideration for security impact analyses
  • Review security logs and alerts to investigate and respond to security events

Strategic Planning

  • Assist in the development, documentation, and dissemination of information security policies and procedures describing security requirements, guidance, and standards for organizational information systems and architecture
  • Promote security awareness throughout company

Education, Experience, and Skills Required:

  • 5+ years of related experience in internal auditing and information security roles
  • Bachelor Degree in Computer Science, Information Security, Information Technology or related discipline, or equivalent combination of education and experience required
  • Experience working with software development and the agile framework
  • Experience working within a regulated industry with strong preference given to healthcare
  • Security and compliance certification (CISM, CGEIT, CISA, CISSP, HCISPP) preferred
  • Experience with performing security assessments
  • Knowledge of security best practices for cloud architecture 
  • Some off hours work and travel may be required. 

Behaviors and Traits:

  • Demonstrated ability to operate as a trusted security advisor
  • Excellent analytic skills and ability to effectively establish and achieve security requirements in collaboration with other departments and teams
  • Strong written and verbal communication skills
  • Support Wellframe’s mission by exhibiting Tenacity, Humility, and Collaboration 

Wellframe, Inc. is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status or any other characteristic protected by local, state, or federal laws, rules, or regulations.
This posting is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee and any percentages listed are approximate. Duties, responsibilities and activities may change or new ones may be assigned at any time with or without notice.

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
  • Product
  • Sales & Marketing
    • JavaLanguages
    • KotlinLanguages
    • PythonLanguages
    • RubyLanguages
    • ScalaLanguages
    • ReactLibraries
    • SparkFrameworks
    • CassandraDatabases
    • PostgreSQLDatabases
    • InVisionDesign
    • SketchDesign
    • JIRAManagement
    • TrelloManagement
    • SalesforceCRM


Located in the Seaport, we are a short walk from South Station and surrounded by great lunch spots and coffee shops.

An Insider's view of Wellframe

What are some social events your company does?

Wellframe’s social events go beyond the regular happy hours (which we also do). Earlier this week, my team went bowling; with the Women of Wellframe group, we watched Ocean’s 8 together and have a potluck picnic coming up; and later this summer, we’ll all indulge in a beach day. It’s all made me feel a part of the company even as a new member.


Client Operations Associate

What's the biggest problem your team is solving?

Wellframe's engineering team is passionate about blending data, cutting edge technologies and security to build products that have a direct positive impact on patients' quality of life. To that end, we are currently designing the next generation of our architecture while expanding our infrastructure.



What is your vision for the company?

We see an opportunity over the coming years to work with more and more organizations that allow us to impact more patients more profoundly, and so we are investing a lot to not only grow commercially and bring on more clients and new partnerships, but to take on more ownership over helping our partners engage more with their patients or members.


President & CEO, Co-Founder

What makes someone successful on your team?

Tenacity: We go the extra mile to make our partners successful and inspire each other with our thirst for excellence.
Collaboration: We work constructively across disciplines to solve hard problems together.
Humility: We are never finished learning and growing, and we value the perspective and experiences of those around us.


Senior Director of People & Culture

What are Wellframe Perks + Benefits

Wellframe Benefits Overview

Wellframe recognizes that an employee benefits program is necessary for the health and well-being of our employees and their families. We are pleased to offer our employees one of the most competitive and comprehensive benefits packages in the industry.

Volunteer in local community
Wellframe participates in quarterly volunteer activities. In the past we've volunteered at More than Words, Community Servings, Boston Healthcare for the Homeless and West End Boys and Girls Club.
Friends outside of work
Eat lunch together
Intracompany committees
Daily stand up
Team owned deliverables
Team based strategic planning
Group brainstorming sessions
Pair programming
Open office floor plan
Unconscious bias training
Interview training is conducted at Wellframe 1-2 a year to minimize bias in the interview process.
Health Insurance & Wellness Benefits
Flexible Spending Account (FSA)
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Retirement & Stock Options Benefits
Company Equity
Performance Bonus
Child Care & Parental Leave Benefits
Flexible Work Schedule
Family Medical Leave
Vacation & Time Off Benefits
Generous PTO
Paid Holidays
Paid Sick Days
Employees receive 40 hours per year of paid sick leave.
Perks & Discounts
Casual Dress
Commuter Benefits
Company Outings
Stocked Kitchen
Some Meals Provided
Twice a week in-office lunches
Happy Hours
Recreational Clubs
Fitness Subsidies
Professional Development Benefits
Job Training & Conferences
Lunch and learns
Wellframe hosts Lunch and Learns once a month.
Cross functional training encouraged
Promote from within
Online course subscriptions available
More Jobs at Wellframe7 open jobs
All Jobs
Data + Analytics
Dev + Engineer
Data + Analytics