Security Compliance and InfoSec Analyst
Variantyx - Framingham, MA
Job Description
Variantyx is a CLIA/CAP-certified genomics company delivering cutting-edge whole genome sequencing (WGS) diagnostics through our proprietary Genomic Unity® testing platform. We empower clinicians with actionable insights for diagnosing rare and inherited conditions. Our work sits at the intersection of science, healthcare, and technology—and so does our internal systems team.

We are looking for a proactive and detail-oriented Security Compliance & InfoSec Analyst to join our Information Security team. This position offers a unique opportunity to grow your cybersecurity career by working at the intersection of compliance, risk management, and technical security. You will assist in maintaining regulatory and security compliance while helping to strengthen the organization’s overall information security posture.

Key Responsibilities

Compliance & Risk:
- Assist with compliance initiatives across frameworks and regulations such as ISO 27001, NIST, SOC 2, HIPAA, GDPR, and PCI DSS.
- Support internal audits, control testing, and risk assessments to evaluate compliance with security policies and standards.
- Help document and track security findings, risks, and remediation activities.
- Maintain records of compliance artifacts and prepare reports for audits and regulatory reviews.
- Participate in third-party risk management processes, including vendor assessments and due diligence.

Information Security:
- Assist with implementing and monitoring information security policies, procedures, and controls.
- Support the incident response team by collecting evidence, documenting incidents, and assisting with investigations.
- Collaborate with IT and engineering teams to ensure secure configurations, access control, and data protection practices.
- Contribute to vulnerability management efforts by reviewing scan results and tracking remediation.
- Help develop and deliver security awareness training and phishing simulation programs.

Qualifications

Required:
- Basic understanding of information security principles, risk management, and compliance standards.
- Strong organizational skills and attention to detail.
- Effective written and verbal communication skills.
- Ability to analyze and interpret security and compliance requirements.
- Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, Risk Management, or a related field.

Preferred:
- Internship or project experience in cybersecurity, risk, or compliance.
- Familiarity with tools such as GRC platforms, SIEMs, vulnerability scanners, or ticketing systems.
- Certifications such as CompTIA Security+, GIAC GRC Fundamentals, or Certified Information Systems Auditor (CISA) are a plus.

Working Conditions
- Standard office hours, with flexibility for remote/hybrid work depending on company policy.
- Occasional extended hours during audits, security incidents, or key project deadlines.
- Minimal travel may be required.

Created: 2025-09-24