Information Security Compliance Engineer (Remote)
Company
Freenome
Location
Peninsula
Type
Full Time
Job Description
About Freenome
Freenome is a high-growth biotech company on a mission since 2014 to create tools that empower everyone to prevent, detect, and treat their disease. To achieve this mission, Freenome is developing next-generation blood tests to detect cancer in its earliest, most treatable stages using our multiomics platform and machine learning techniques. Our first blood test will detect early-stage colorectal cancer and advanced adenomas.
About the Role
The Information Security Compliance Engineer will oversee execution of our end-to-end audit requirements and support third-party auditor relationships, respond to Security Questionnaires for new customers and partners, and maintain the accuracy of our policies and procedures and adherence to our Security Awareness Program. This position will report directly to the Director of Information Security.
Your contribution:
- Responsible for working directly with internal Security, Product and Engineering, Legal, Operations and Business Stakeholders as well as with third-party auditors to communicate compliance mandates and maintain annual compliance against published standards (HIPAA, HITRUST, NIST 800-53, SOC2, ISO27001) and Privacy programs.
- Assess internal and production environments on an ongoing basis to meet compliance.
- Collect and analyze audit artifacts to support continuous compliance and drive audit activities by utilizing a Governance, Risk and Compliance tool.
- Work across organization boundaries to drive compliance requirements and security controls.
- Communicate the progress and results of audits throughout the engagement.
- Able to respond to and understand Security Questionnaires from a variety of customers or partners.
- Drive the delivery and reporting of security awareness training compliance and enhance the program to continue to build a security aware organization.
- Contribute to the continuous evolution of our compliance program, create control lifecycle processes, and ensure appropriate mappings to industry standards.
- Work with stakeholders and teams to define an automation strategy for evidence collection and continuous control monitoring.
- Ability to assess an operational or security challenge/opportunity and determine best future state potentially leveraging technology/automation.
- Proactively look for areas of improvement and provide value added advice and insight on process and controls improvements, policy and standards change and drive continuous advancement of compliance automation capabilities.
- Manage and assist engineering and product teams on all security and compliance related technical components.
- Create and maintain compliance related documents, such as Policies, Procedures, Standards and Guidelines.
- Develop measurements and metrics of the program to report up to management.
- Perform all other Information Security related duties as assigned and contribute to the success of the Information Security Team.
Your background, perspective and experience:
- 4+ years of relevant industry experience in such a role.
- B.S. or M.S. in Computer Science or a related technical field, or comparable experience.
- Project managing regulatory audits, and information security audits in a regulated environment requiring compliance with standards and regulations such as HIPAA, HITRUST, SOC2, ISO27001, CCPA, and GDPR.
- Ability to gather and perform due diligence on the evidence in support of audits.
- Ability to work independently as a self-starter in a fast-paced environment.
- Hands-on experience in vulnerability assessment, red- and blue-teaming and penetration testing.
- Able to conduct internal audits and audit report generation.
- You enjoy working with a team and alone as the situation dictates.
- Well organized with good time management.
Nice to haves:
- You have unwavering personal integrity and work ethic.
- You are proactive.
- A systematic problem-solving approach, coupled with effective communication skills and a sense of ownership and drive.
- Risk Management experience.
- Google Cloud Platform experience.
- Genomics or bioinformatics background.
COVID safety:
As a condition of employment, you agree to know and comply with our COVID-19 vaccination policy requiring all employees who work on-site and/or attend work-related events to be fully vaccinated and to receive a COVID-19 booster once eligible. Company employees working on-site are required to be fully vaccinated for COVID-19 and to receive a COVID-19 booster once eligible, unless a reasonable accommodation is approved or as otherwise required by law. Absent a reasonable accommodation or legal exception, you agree to provide proof of your vaccination status and to be fully vaccinated by your first day on-site, in accordance with our policy. If you are currently eligible for a COVID-19 booster, you also agree to provide proof of having received a booster. If you are not yet eligible for a COVID-19 booster, you must provide proof of receiving a booster within two weeks of becoming eligible.
Freenome is proud to be an equal opportunity employer and we value diversity. Freenome does not discriminate on the basis of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law.
Funding
We have raised more than $1.1B from leading investors including Perceptive Advisors, RA Capital Management, Roche Venture Fund, Kaiser Permanente, Novartis and the American Cancer Society's BrightEdge Ventures.
Freenomers
A "Freenomer" is a mission-driven employee who is fueled by the opportunity to make a positive impact on patients' lives, who thrives in a culture of respect and cross collaboration, and whose work makes a significant impact on the company and their career.
Freenomers are technical, creative, visionary, grounded, empathetic and passionate. We build teams around divergent expertise, allowing us to solve problems and ascertain opportunities in unique ways. Freenomers are some of the most talented experts in their fields, joining together to advance healthcare, one breakthrough at a time.
Benefits include but are not limited to:
- Competitive compensation
- Pre-IPO equity
- Flexible PTO (exempt) and generous PTO (non-exempt)
- Comprehensive health coverage, including medical, dental, and vision
- Wellness and mental health resources, including Employee Assistance Programs (EAPs), Paid maternity and paternity leave
- 401(k) plan
- $250.00 new hire stipend to enhance your home office experience
- Plus, a variety of other perks, including pre-tax commuter benefits, two paid volunteer days per year, pet insurance, and additional discounts
# # #
Applicants have rights under Federal Employment Laws.
- Family & Medical Leave Act (FMLA)
- Equal Employment Opportunity (EEO)
- Employee Polygraph Protection Act (EPPA)
Notice to agencies:
Our in-house Talent Acquisition Team manages all employment opportunities at Freenome. Agencies and independent recruiters must be approved as a vendor by Freenome's Talent Acquisition team before submitting candidates to any Freenome employee.
We do not accept unsolicited resumes or biographies from agencies under any circumstances. Any unsolicited resumes sent to Freenome, including those sent to a Freenome email address or directly to Freenome employees, will be considered Freenome property. Freenome will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. Freenome will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees.
Please do not contact Freenome employees directly. Compliance with this request will impact our decision to work with you.
Date Posted
12/06/2022