Biofourmis Careers
http://www.biofourmis.comBiofourmis is a rapidly growing digital therapeutics company that is the leader in Personalized Predictive Care. Our disruptive innovations use advanced clinical-grade wearable sensors to continuously monitor bio vitals and process them using our patented and FDA-approved AI/ML algorithms to predict changes in physiology that are co-related to medical and disease events in the cardiac, oncology, respiratory, and other therapeutic areas.
We are pioneering an entirely new category of the healthcare system, by developing clinically validated software-based therapeutics to provide better outcomes for patients, smarter engagement and tracking tools for clinicians, and cost-effective solutions for payers.
We are a dynamic high-growth company, having quadrupled in size in the last 12 months. We are a Global organization with offices in Boston, Singapore, and Bangalore. We are backed by some of the premier venture capitalists in the world and enjoy the confidence of customers who are leaders in the healthcare and life sciences industry.
Jobs at Biofourmis
Job Summary:
Perform periodic user access and permission review Jenkins, Bitbucket, Jira business application to ensure stale or unused accounts are deleted timely and users are only given role-based access to perform their job responsibilities.
• Create and Review role-based authorization strategy for Jenkins, Bitbucket, Jira, and ensure access to systems is provisioned with the concept of least privileges.
• Create appropriate workflow(s) and/or policies for access control and access review
• Analyzing log(s), and tracking who performs what activity in pipeline tools (e.g., bitbucket, Jenkins etc.)
• Support Development team and DevOps team to perform continuous integration and continuous deployment for Bitbucket repo to set up and review
• Configure plugins for pipeline tool’s users to ensure access/permission control
• Configure security setting and policies in Jenkins, Bitbucket, Jira to secures Development team and DevOps’ workflow from code to deployment by configuring tools such as Vault, KayCloack.
• Configure and review Source Control to enable development teams to effectively manage changes and version code in their codebases
• Participate in internal and external Security and compliance audit.
Experience and Skill set Requirement
• Graduate with 3+ years of experience of CI/CD processes in Jenkins, Bitbucket Pipelines, and with container technologies like Kubernetes, Dockers.
• Strong Experience with SCM methodologies especially Git, Bitbucket and GitHub.
• Experienced in version control systems like GIT and used Source code management tools
• Hands-on experience with Infrastructure as a Code Tools
• Good understanding of role-based access control and enjoy working on all types of planned and unplanned issues/tasks.
• Knowledge of Cloud technologies
• Familiar with information security practices and procedures
Roles & Responsibilities
- Support security compliance audits like SOC-2, ISO 27001 and HITRUST.
- Conduct readiness assessments, coordination with stakeholders, document and controls implementations for the external audits on a regular basis.
- Perform security and technology risk assessment, and provide recommendations on risk mitigation /remediation strategies under the guidance.
- Work with the business & other stakeholders in creating and roll out security policies, processes and controls to manage technology risk and ensure effective risk governance.
- Perform routine internal audits and follow up on action items for effective compliance management.
- Regularly review, update and align the current security policies with the control infra.
- Support, participate and monitor BCP/DR plan and drills under the guidance.
- Work with team or independently manage security projects and tools.
- Assist in mapping various compliance frameworks, certifications, etc.
- Support on vendor security assessments e.g. initial kick off, follow up, remediation plans and follow ups, etc. under the guidance.
Requirements
- 7 years of relevant experience or a previous role into security technology with few years into risk, compliance and audit activities.
- Excellent implementation knowledge of various security audits like SOC 2 and ISO 27001, their expectatioins and requirements.
- Experienced in working with external auditors, as an auditor and auditee.
- Good conceptual and analytical skills on implementing security controls to protect organizational assets.
- Capable of participating in multiple projects simultaneously in an evolving and fast growing organizational culture.
- Excellent interpersonal skills, good at coordination and a team player.
- Any of the certification/s – CISA, CRISC, etc.
Preferred Qualifications/Skills
- Past experience with healthcare industry is a plus.
- Experince with medical devices, IoT devices, etc. related compliance to support regulatory requirements (FDA, etc.) and third party security audits like SOC 2, ISO 27001, MDSAP, ISO 13485, etc. is a plus.
- Good to have knowledge of cloud security.
Similar companies
About the company
Jobs
2
About the company
Jobs
7
About the company
Jobs
3
About the company
The leading source for trustworthy and timely health and medical news and information. Providing credible health information, supportive community, and educational services by blending award-winning expertise in content, community services, expert commentary, and medical review.
Jobs
3
About the company
Jobs
1
About the company
Jobs
1