• Ensure the organization complies with relevant regulatory requirements (e.g., GDPR, HIPAA, CCPA/CPRA) and industry standards (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS). • Develop, implement, and maintain information security policies, standards, and guidelines. • Conduct regular audits and assessments to identify gaps and ensure adherence to compliance frameworks. • Lead in risk assessments to evaluate potential security threats and vulnerabilities. • Collaborate with cross-functional teams to remediate compliance gaps and reduce risks. • Act as the primary liaison for internal and external audits, including regulatory audits, client security assessments, and third-party audits. • Proactively stay up to date with changes in regulatory and compliance requirements, as well as industry trends.

• Manage SOC 2 Type II audit cycles from scoping through evidence collection to final report, serving as the primary point of contact for auditors and collaborators. • Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management. • Conduct structured gap analyses against applicable frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) to identify control deficiencies and develop prioritized remediation roadmaps. • Track risk mitigation and remediation plans, ensuring accountability and measurable progress against accepted risk thresholds. • Serve as the primary responder to enterprise customer security questionnaires, and engage directly with customers and prospects. • Demonstrate a solid understanding of system and data architecture, including cloud infrastructure, data flows, and access controls, in order to answer technical assessment questions accurately and confidently. • Develop and maintain a reusable security response library (trust portal, standard questionnaire answers, and diagrams) to accelerate future engagements. • Act as a security partner to Engineering, Product, Legal, Sales, and Customer Success, translating security requirements into actionable guidance for non-security audiences. • Participate in architecture and design reviews, ensuring new systems and features meet security and compliance requirements before deployment. • Maintain fluency in artificial intelligence and automation technologies, understanding their security and compliance implications within Rad AI’s platforms. • Leverage AI-assisted tools to improve security operations efficiency, including threat analysis, automated evidence collection, and other cybersecurity workflows.

About Rad AI At Rad AI, we’re on a mission to transform healthcare with artificial intelligence. Founded by a radiologist, our AI-driven solutions are revolutionizing radiology—saving time, reducing burnout, and improving patient care. With one of the largest proprietary radiology report datasets in the world, our AI has helped uncover hundreds of new cancer diagnoses and reduced error rates in tens of millions of radiology reports by nearly 50%. Rad AI has secured over $140M in funding, including a recently oversubscribed Series C ($68M round) led by Transformation Capital, bringing our valuation to $528M. Our investors include Khosla Ventures, World Innovation Lab, Gradient Ventures, Cone Health Ventures, and others—all backing our mission to empower physicians with cutting-edge AI. Our latest advancements in generative AI are used by thousands of radiologists daily, supporting more than one-third of radiology groups and healthcare systems and nearly 50% of all medical imaging in the U.S. at partners including Cone Health, Jefferson Einstein Health, Geisinger, Guthrie Healthcare System, and Henry Ford Health. Recognized as one of the most promising healthcare AI companies by CB Insights and AuntMinnie, and ranked by Deloitte as the 19th fastest-growing company in North America, we are building AI-powered solutions that make a real impact. Most recently, Rad AI was named to CNBC’s Disruptor 50 list, highlighting the innovation and momentum behind our mission. If you’re ready to shape the future of healthcare, we’d love to have you on our team! Why Join Us: Rad AI is redefining the boundaries of artificial intelligence in healthcare. As our Senior Cybersecurity Analyst, you will play a critical role in securing the company, driving compliance programs, managing risks, and serving as a trusted partner to customers and internal teams alike. This is not a purely technical role: it demands equal parts audit, security expertise, project management discipline, and clear communication. This role will report directly to the Director of IT & Cybersecurity. What You'll Be Doing: - Manage SOC 2 Type II audit cycles from scoping through evidence collection to final report, serving as the primary point of contact for auditors and collaborators. - Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management. - Conduct structured gap analyses against applicable frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) to identify control deficiencies and develop prioritized remediation roadmaps. - Track risk mitigation and remediation plans, ensuring accountability and measurable progress against accepted risk thresholds. - Serve as the primary responder to enterprise customer security questionnaires, and engage directly with customers and prospects. - Demonstrate a solid understanding of system and data architecture, including cloud infrastructure, data flows, and access controls, in order to answer technical assessment questions accurately and confidently. - Develop and maintain a reusable security response library (trust portal, standard questionnaire answers, and diagrams) to accelerate future engagements. - Act as a security partner to Engineering, Product, Legal, Sales, and Customer Success, translating security requirements into actionable guidance for non-security audiences. - Participate in architecture and design reviews, ensuring new systems and features meet security and compliance requirements before deployment. - Maintain fluency in artificial intelligence and automation technologies, understanding their security and compliance implications within Rad AI’s platforms. - Leverage AI-assisted tools to improve security operations efficiency, including threat analysis, automated evidence collection, and other cybersecurity workflows. Who We're Looking For: - Bachelor’s degree in Information Security, Computer Science, or a related field. - 6+ years of experience in cybersecurity, with at least 2 years of hands-on involvement in compliance programs or security audits. - Demonstrated experience leading or significantly contributing to SOC 2 through full audit lifecycle. - Practical knowledge of risk management frameworks (NIST RMF, ISO 42001, FAIR) and risk treatment processes. - Experience responding to enterprise customer security questionnaires and interfacing directly with customers on security topics. - Strong project management skills with the ability to manage multiple concurrent workstreams in a fast-paced environment. - Ability to communicate complex security and compliance topics clearly to both technical and non-technical audiences, including in customer-facing settings. - Experience reviewing and maintaining information security policies and procedures. - Active security certifications; ideally a CISSP and CISA. Nice to Haves: - Healthcare industry experience and understanding of healthcare data handling obligations. - Experience with project management methodologies (PMP, Agile, Scrum) or formal project management training. - Familiarity with additional compliance frameworks: ISO 27001, NIST CSF, or HITRUST. - Knowledge of DevSecOps practices and integration of security into CI/CD pipelines. Join our world-class team as we build and deploy AI solutions that empower physicians and transform patient care—making a meaningful impact on millions of lives. Driven by our mission, we prioritize transparency, inclusion, and close collaboration, bringing together exceptional people to revolutionize healthcare. If you're passionate about driving innovation and delivering impactful healthcare solutions, we'd love to hear from you! To learn more about what it's like to work at Rad AI, visit https://www.radai.com/life-at-rad-ai For US-Based Full-Time Roles, Rad AI offers a variety of benefits, including: - Comprehensive Medical, Dental, Vision & Life insurance - HSA (with employer match), FSA, & DCFSA - 401(k) - 11 Paid Company Holidays - Location Flexibility (Remote-first company!) - Flexible PTO policy - Annual company-wide offsite - Periodic team offsites - Annual equipment stipend - For roles based outside the US, your recruiter can share more details At Rad AI, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Please be vigilant regarding job scams. We advise all candidates to apply directly through our official careers page. Our recruiters will use email addresses with the domain @radai.com or no-reply@ashbyhq.com.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Information Security Analyst plays a vital role in reactively securing our client networks. The role is perfect for someone who enjoys working in a fast-paced environment, has the ability to multitask and prioritize, and has strong written and verbal communication skills. The right candidate will triage incoming alerts and take the appropriate remediation steps to ensure our clients can remain productive while being secured. - Triage incoming alerts, prioritizing by impact and urgency. - Ensure appropriate client facing and internal communications. - Follow established guidelines to detect, respond to and limit the effects of an information security event. - Escalate the company's response efforts based on the severity of the incident. Qualifications - 2-4 years of experience working in an Information Security capacity. - No College Education Required. - CompTIA Security+ or similar. - ISC2 SSCP (Substitute for Security+). - Experience working with US clients or companies. Requirements - Security tools such as EDR, MDR, SIEM. - Windows desktop and server operating systems. - Microsoft 365 and Azure Active Directory. - Familiarity with Email threat protection tools and concepts. Soft Skills - Excellent organizational skills to manage multiple tasks and alerts simultaneously. - Outstanding communication skills, both verbal and written, with the ability to manage client communications and team interactions proficiently. - Ability to work collaboratively within a team environment, including cross functional teams. - Ability to make informed and timely decisions in high-pressure situations, such as during a security incident. - Ability to adapt to new security challenges, technologies, and industry trends. Benefits - Competitive Salary (USD Based). - Permanent WFH. - Professional Growth and Training. - Supportive Work Environment. Additional Comments - This is a full-time position. - Days and hours of work will include 5 days with 9 hour shifts. The assigned scheduled shift will be agreed upon between Sec Ops Manager and InfoSec Analyst. - Due to the nature of the work, you may be required to fulfill on-call, incident response duties as part of a night and weekend rotation. Additional work hours may also be required during incident remediation events.