Salary: $90,000-$110,000 Compass Technology is a dedicated internal team for Compass Group delivering enterprise-wide initiatives that support our diverse customer base and enhance our business operations. Our domain encompasses a vast spectrum of opportunities, from hands-on desk support to Cybersecurity, Cloud Engineering, AI, and Modern Application development. We are committed to building robust IT infrastructures, driving digital transformation, and much more. Job Summary The Cyber Security Analyst is a key contributor in the Cybersecurity organization, primarily responsible for designing, administering, and continuously improving Compass Group North America’s phishing simulation and security awareness program. This role focuses on reducing organizational risk from email borne threats—such as phishing, business email compromise (BEC), malware delivery, and credential harvesting—by shaping user behavior through realistic simulations, targeted education, and measurable outcomes. In addition to leading phishing simulation and awareness initiatives, the cyber security analyst provides support for email security alerting and response, including analysis of reported phishing messages and collaboration with Cybersecurity Administration and Incident Response teams when real-world threats are identified. The ideal candidate is detail oriented, metrics driven, and comfortable blending user communication and technical analysis to strengthen Compass’s human layer defenses. Job Responsibilities - Administer the enterprise phishing simulation program, including campaign planning, user segmentation, scheduling, templates, landing pages, and reporting, ensuring simulations reflect current threat trends and business relevant scenarios. - Design and deliver targeted security awareness and training materials, such as microlearning's, job aids, tip sheets, and role or behavior based interventions informed by simulation results and observed attack patterns. - Analyze phishing simulation and awareness metrics, including susceptibility rates, reporting rates, repeat clickers, and false positives, and translate results into actionable insights and recommendations for technical and business stakeholders. - Continuously mature the phishing and awareness program, introducing new attack techniques (e.g., QR phishing, OAuth consent phishing, BEC scenarios) and adjusting cadence, difficulty, and messaging to align with organizational risk priorities. - Partner with Cybersecurity leadership, HR, and Compliance to align phishing simulations and awareness initiatives with policy requirements, training expectations, and broader culture of security objectives. - Serve as a subject matter resource for phishing related education, providing guidance to stakeholders on emerging social engineering trends and prevention strategies. - Monitor email security posture and phishing activity to identify trends and insights that inform awareness content and simulation design. - Coordinate with Incident Response and other cyber teams on confirmed incidents, ensuring lessons learned are fed back into simulations and training content to prevent recurrence. Program and Operational Support - Generate regular metrics for reporting and dashboards covering phishing simulation performance, awareness effectiveness, email threat trends, and communicate results clearly to both technical and nontechnical audiences. - Support tuning and optimization of phishing defense and email security tooling where improvements directly enhance reporting accuracy, user experience, or simulation fidelity. - Document simulations, investigations, and program changes to ensure repeatability, auditability, and continuous improvement. Qualifications & Experience - 3+ years of experience in cybersecurity, security awareness, phishing defense, or a closely related discipline, with hands-on experience supporting phishing simulations and/or user education initiatives. - Practical experience with phishing simulation and email security platforms, ideally including KnowBe4, Abnormal, and/or Proofpoint (or comparable enterprise solutions). - Strong understanding of phishing and social engineering techniques, attacker tradecraft, and how human behavior influences organizational security risk. - Working knowledge of email security fundamentals (message anatomy, headers, URLs, attachments, sender reputation) sufficient to support investigations and accurate training content. - Demonstrated ability to analyze metrics and trends and translate technical data into clear, actionable awareness messaging. Strong written and verbal communication skills, with the ability to engage effectively with technical teams and end users. Experience working with documentation, metrics, and repeatable processes to support program maturity and operational consistency. Apply to Compass Group today! Click here to Learn More about the Compass Story Compass Group is an equal opportunity employer. At Compass, we are committed to treating all Applicants and Associates fairly based on their abilities, achievements, and experience without regard to race, national origin, sex, age, disability, veteran status, sexual orientation, gender identity, or any other classification protected by law. Qualified candidates must be able to perform the essential functions of this position satisfactorily with or without a reasonable accommodation. Disclaimer: this job post is not necessarily an exhaustive list of all essential responsibilities, skills, tasks, or requirements associated with this position. While this is intended to be an accurate reflection of the position posted, the Company reserves the right to modify or change the essential functions of the job based on business necessity. We will consider for employment all qualified applicants, including those with a criminal history (including relevant driving history), in a manner consistent with all applicable federal, state, and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance, the San Francisco Fair Chance Ordinance, and the New York Fair Chance Act. Compass Technology maintains a drug-free workplace. Applications are accepted on an ongoing basis. Associates at Corporate are offered many fantastic benefits. - Medical - Dental - Vision - Life Insurance/ AD - Disability Insurance - Retirement Plan - Paid Time Off - Holiday Time Off (varies by site/state) - Associate Shopping Program - Health and Wellness Programs - Discount Marketplace - Identity Theft Protection - Pet Insurance - Commuter Benefits - Employee Assistance Program - Flexible Spending Accounts (FSAs) - Paid Parental Leave - Personal Leave Associates may also be eligible for paid and/or unpaid time off benefits in accordance with applicable federal, state, and local laws. For positions in Washington State, Maryland, or to be p formed Remotely, click here or copy/paste the link below for paid time off benefits information. https://www.compass-usa.com/wp-content/uploads/2023/08/2023_WageTransparency_CorpAndFoodbuy.pdf Certain positions may require Florida Level 2 background screening. Details: https://info.flclearinghouse.com/ Req ID: 1514147 Compass Technology MARY DICKSON

• Ensure the organization complies with relevant regulatory requirements (e.g., GDPR, HIPAA, CCPA/CPRA) and industry standards (e.g., ISO 27001, SOC 2, NIST CSF, PCI DSS). • Develop, implement, and maintain information security policies, standards, and guidelines. • Conduct regular audits and assessments to identify gaps and ensure adherence to compliance frameworks. • Lead in risk assessments to evaluate potential security threats and vulnerabilities. • Collaborate with cross-functional teams to remediate compliance gaps and reduce risks. • Act as the primary liaison for internal and external audits, including regulatory audits, client security assessments, and third-party audits. • Proactively stay up to date with changes in regulatory and compliance requirements, as well as industry trends.

• Manage SOC 2 Type II audit cycles from scoping through evidence collection to final report, serving as the primary point of contact for auditors and collaborators. • Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management. • Conduct structured gap analyses against applicable frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) to identify control deficiencies and develop prioritized remediation roadmaps. • Track risk mitigation and remediation plans, ensuring accountability and measurable progress against accepted risk thresholds. • Serve as the primary responder to enterprise customer security questionnaires, and engage directly with customers and prospects. • Demonstrate a solid understanding of system and data architecture, including cloud infrastructure, data flows, and access controls, in order to answer technical assessment questions accurately and confidently. • Develop and maintain a reusable security response library (trust portal, standard questionnaire answers, and diagrams) to accelerate future engagements. • Act as a security partner to Engineering, Product, Legal, Sales, and Customer Success, translating security requirements into actionable guidance for non-security audiences. • Participate in architecture and design reviews, ensuring new systems and features meet security and compliance requirements before deployment. • Maintain fluency in artificial intelligence and automation technologies, understanding their security and compliance implications within Rad AI’s platforms. • Leverage AI-assisted tools to improve security operations efficiency, including threat analysis, automated evidence collection, and other cybersecurity workflows.

About Rad AI At Rad AI, we’re on a mission to transform healthcare with artificial intelligence. Founded by a radiologist, our AI-driven solutions are revolutionizing radiology—saving time, reducing burnout, and improving patient care. With one of the largest proprietary radiology report datasets in the world, our AI has helped uncover hundreds of new cancer diagnoses and reduced error rates in tens of millions of radiology reports by nearly 50%. Rad AI has secured over $140M in funding, including a recently oversubscribed Series C ($68M round) led by Transformation Capital, bringing our valuation to $528M. Our investors include Khosla Ventures, World Innovation Lab, Gradient Ventures, Cone Health Ventures, and others—all backing our mission to empower physicians with cutting-edge AI. Our latest advancements in generative AI are used by thousands of radiologists daily, supporting more than one-third of radiology groups and healthcare systems and nearly 50% of all medical imaging in the U.S. at partners including Cone Health, Jefferson Einstein Health, Geisinger, Guthrie Healthcare System, and Henry Ford Health. Recognized as one of the most promising healthcare AI companies by CB Insights and AuntMinnie, and ranked by Deloitte as the 19th fastest-growing company in North America, we are building AI-powered solutions that make a real impact. Most recently, Rad AI was named to CNBC’s Disruptor 50 list, highlighting the innovation and momentum behind our mission. If you’re ready to shape the future of healthcare, we’d love to have you on our team! Why Join Us: Rad AI is redefining the boundaries of artificial intelligence in healthcare. As our Senior Cybersecurity Analyst, you will play a critical role in securing the company, driving compliance programs, managing risks, and serving as a trusted partner to customers and internal teams alike. This is not a purely technical role: it demands equal parts audit, security expertise, project management discipline, and clear communication. This role will report directly to the Director of IT & Cybersecurity. What You'll Be Doing: - Manage SOC 2 Type II audit cycles from scoping through evidence collection to final report, serving as the primary point of contact for auditors and collaborators. - Coordinate HIPAA compliance assessments, including risk analyses, policy reviews, and Business Associate Agreement (BAA) management. - Conduct structured gap analyses against applicable frameworks (SOC 2, HIPAA, ISO 42001, NIST CSF) to identify control deficiencies and develop prioritized remediation roadmaps. - Track risk mitigation and remediation plans, ensuring accountability and measurable progress against accepted risk thresholds. - Serve as the primary responder to enterprise customer security questionnaires, and engage directly with customers and prospects. - Demonstrate a solid understanding of system and data architecture, including cloud infrastructure, data flows, and access controls, in order to answer technical assessment questions accurately and confidently. - Develop and maintain a reusable security response library (trust portal, standard questionnaire answers, and diagrams) to accelerate future engagements. - Act as a security partner to Engineering, Product, Legal, Sales, and Customer Success, translating security requirements into actionable guidance for non-security audiences. - Participate in architecture and design reviews, ensuring new systems and features meet security and compliance requirements before deployment. - Maintain fluency in artificial intelligence and automation technologies, understanding their security and compliance implications within Rad AI’s platforms. - Leverage AI-assisted tools to improve security operations efficiency, including threat analysis, automated evidence collection, and other cybersecurity workflows. Who We're Looking For: - Bachelor’s degree in Information Security, Computer Science, or a related field. - 6+ years of experience in cybersecurity, with at least 2 years of hands-on involvement in compliance programs or security audits. - Demonstrated experience leading or significantly contributing to SOC 2 through full audit lifecycle. - Practical knowledge of risk management frameworks (NIST RMF, ISO 42001, FAIR) and risk treatment processes. - Experience responding to enterprise customer security questionnaires and interfacing directly with customers on security topics. - Strong project management skills with the ability to manage multiple concurrent workstreams in a fast-paced environment. - Ability to communicate complex security and compliance topics clearly to both technical and non-technical audiences, including in customer-facing settings. - Experience reviewing and maintaining information security policies and procedures. - Active security certifications; ideally a CISSP and CISA. Nice to Haves: - Healthcare industry experience and understanding of healthcare data handling obligations. - Experience with project management methodologies (PMP, Agile, Scrum) or formal project management training. - Familiarity with additional compliance frameworks: ISO 27001, NIST CSF, or HITRUST. - Knowledge of DevSecOps practices and integration of security into CI/CD pipelines. Join our world-class team as we build and deploy AI solutions that empower physicians and transform patient care—making a meaningful impact on millions of lives. Driven by our mission, we prioritize transparency, inclusion, and close collaboration, bringing together exceptional people to revolutionize healthcare. If you're passionate about driving innovation and delivering impactful healthcare solutions, we'd love to hear from you! To learn more about what it's like to work at Rad AI, visit https://www.radai.com/life-at-rad-ai For US-Based Full-Time Roles, Rad AI offers a variety of benefits, including: - Comprehensive Medical, Dental, Vision & Life insurance - HSA (with employer match), FSA, & DCFSA - 401(k) - 11 Paid Company Holidays - Location Flexibility (Remote-first company!) - Flexible PTO policy - Annual company-wide offsite - Periodic team offsites - Annual equipment stipend - For roles based outside the US, your recruiter can share more details At Rad AI, we value diversity and provide equal employment opportunities (EEO) to all employees and applicants without regard to race, color, religion, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We will consider for employment qualified applicants with criminal histories in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance. Please be vigilant regarding job scams. We advise all candidates to apply directly through our official careers page. Our recruiters will use email addresses with the domain @radai.com or no-reply@ashbyhq.com.