Role Description The Security & Compliance Analyst will be responsible for Security Governance, Risk, and Compliance (GRC) within the organization. The incumbent will participate in annual audits, interact with customers as needed, prioritize and track security and compliance risk issues, guide internal and external stakeholders on mitigation, identify risks that increase loss probability and communicate the posture to leadership. - Support the development, update, revision, and/or implementation of security and compliance policies, procedures, practices, and metrics. - Manage and support audit engagements (e.g., HIPAA, SOC 2, HITRUST), the audit request lists and ensure requests are being fulfilled by stakeholder management. - Participate in internal/external audits as it relates to evidencing control management practices. - Assist the business to document, assess, remediate any issues and risks raised during audit examinations and risk assessments. - Implement, monitor, and continuously improve the HIPAA Training & Security Awareness Program. - Conduct third party risk assessments and vendor management to ensure all vendors are vetted and approved, onboarded according to defined policy/process, and have proper ongoing oversight to ensure Security and Regulatory compliance. - Coordinate and manage efforts to mitigate risks and remediation plans to completion. - Ensure effective risk management controls for the entire infrastructure, including but not limited to endpoints, mobile devices, servers, cloud services and tools, etc. - Maintain a risk register. - Analyze and provide guidance for exception and non-standard software requests. - Coordinate Strategic Response Training and conduct Incident Response tabletop exercises. - Investigate, document, and remediate Security Incidents, including but not limited to SOC, MDR and other security controls alerts. - Support the Sales process, including addressing customer security questionnaires and interfacing with client security teams. - Respond to Customer Security Assessments and inquiries. - Ensure compliance with Customer Requirements. - Perform other related duties as assigned. - Use, protect and disclose patients’ protected health information (PHI) only in accordance with Health Insurance Portability and Accountability Act (HIPAA) standards. Qualifications - 3+ years of progressive experience in Risk Management, Audit, Compliance, and/or Security Operations roles. - Industry certification CompTIA Security+ required. - Industry certification Certified Ethical Hacker (CEH) Preferred. - Industry certification such as CISSP, HCISSP, CISM, or CISA preferred but not required. - Solid understanding of relevant security and compliance certifications/frameworks, including HIPAA, NIST, ISO27001, SOC, PCI-DSS. - Experience with HITRUST preferred but not required. - Ability to "wear multiple hats" at once and/or pivot quickly based on business need. - Ability to balance competing priorities based on risk and criticality and independently develop initiatives. Requirements - Physical Demands: While performing the duties of this job, the employee is occasionally required to move around the work area; sit; perform manual tasks; operate tools and other office equipment such as computer, computer peripherals and telephones; extend arms; kneel; talk and hear. - Mental Demands: The employee must be able to follow directions, collaborate with others, and handle stress. - Work Environment: The noise level in the work environment is usually minimal. Company Description Med-Metrix will not discriminate against any employee or applicant for employment because of race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), political affiliation, military service, veteran status, other non-merit based factors, or any other characteristic protected by federal, state or local law.

• Monitor computer networks for security issues • Investigate security breaches and other cybersecurity incidents • Install security measures and operate software to protect systems and information infrastructure, including firewalls and data encryption programs • Document security breaches and assess the damage they cause • Work with the security team to perform tests and uncover network vulnerabilities • Fix detected vulnerabilities to maintain a high-security standard • Stay current on IT security trends and news • Develop company-wide best practices for IT security • Perform penetration testing and vulnerability scanning • Help colleagues install security software and understand information security management • Research security enhancements and make recommendations to management • Stay up to date on information technology trends and security standards.

• Serve as the primary customer-facing point of contact for security and compliance inquiries across EMEA • Respond to customer assurance requests, including due diligence inquiries, security questionnaires, RFPs, and contract-related security reviews • Develop and maintain deep expertise in European regulatory, security, and compliance frameworks • Analyze customer-driven compliance requirements by reviewing agreements, security addenda, and regulatory obligations • Partner closely with Legal, Security, Engineering, Product, Compliance, Sales, and Field teams • Identify, assess, and communicate security and compliance risks arising from customer engagements • Provide executive-level visibility by preparing summaries and reports on customer assurance trends, compliance posture, and risk themes

Role Description We're hiring a hands-on Security Analyst to own the day-to-day of our security program across endpoints, cloud, and identity. You'll monitor, investigate, and respond to threats while serving as the first point of contact for employees with security questions. This role has real ownership. You'll operate within established guidelines with appropriate oversight, but the day-to-day security operations are yours to run. We're looking for someone who takes that seriously, someone who can distinguish signal from noise, escalate when it counts, and handle their domain with consistency and care. We're a technical team that moves fast and expects its people to keep up. We want someone who is genuinely curious about how things work, stays current without being told to, and brings ideas rather than waiting for them. What You'll Do - Daily & Weekly - Monitor and triage Microsoft Defender alerts across endpoints, identity, and cloud - Review Intune/MDM compliance dashboards, validate endpoint patch status, and follow up on non-compliant devices - Monitor Azure Defender for Cloud, Azure Policy, and Entra ID for anomalous activity - Handle front-line employee security questions and requests - Monthly - Review access to protected systems and validate permissions remain appropriate - Perform abuse screening per established runbook - Execute web application security scans and document findings - Verify Conditional Access policies are operating as configured and investigate any drift - Review and adjust web filtering rules and endpoint traffic controls - Prepare security metrics reports for leadership - Surface process and tooling improvements to your manager - Quarterly - Coordinate vulnerability scanning with our third-party security partner; triage results, brief Engineering on findings, and drive remediation to closure within SLA - Support compliance evidence collection per compliance team direction - Annually - Own coordination of our penetration test: scoping, scheduling, stakeholder liaison, and remediation tracking - Support the annual audit evidence collection process Qualifications - 3–5 years in a hands-on security operations role across real enterprise environments - Demonstrated experience across the Microsoft Defender suite: Defender for Endpoint, Defender for Identity, Defender for Cloud Apps, and Defender for Cloud - Working knowledge of Intune/MDM for endpoint compliance - Experience with Azure security services: Azure Policy and Entra ID (Conditional Access, PIM, audit logs) - Familiarity with GitHub Actions and/or Azure DevOps - Experience supporting compliance programs - executing control tasks and contributing to evidence collection - Strong collaborator - someone peers and stakeholders can rely on - Genuinely curious - you follow threads, ask why, and don't stop at the surface Education - We prefer a Bachelor's degree in a technical field but will seriously consider candidates with an Associate's degree, relevant certifications, or equivalent hands-on experience. - Military cybersecurity experience is highly valued. Preferred Qualifications - Microsoft certifications: SC-200, SC-300, AZ-500 - Experience with web application security scanning tools - PowerShell or Python for log analysis and automation Work Environment You'll be the dedicated security analyst on an eight-person technical team, working closely with the compliance team, Engineering, IT, and our external security partners. Occasional availability outside business hours for security incidents is expected.