hero

The Storyboard

Welcome to the Storyboard, a place to explore career adventures at start-ups and companies founded by Claremont alumni and the Claremont community. Choose your next adventure at a company where you’ll have an edge from day one, and leverage our Claremont network to build your career.

Also, make sure to check out our newsletter, StoryHouse Review, to find out more about these companies in the Claremont ecosystem.

Security Compliance Analyst

Crossover Health

Crossover Health

IT, Legal
United States · Remote
USD 91,881-119,445 / year
Posted on Aug 1, 2025

About Crossover Health

Crossover Health is creating the future of health as it should be. A national, team-based medical group with a focus on wellbeing and prevention that extends beyond traditional sick care, the company delivers an entirely new model of healthcare—Primary Health—built on the foundation of trusted relationships, an interdisciplinary care team approach, and outcomes-based payment. Crossover’s Primary Health model integrates primary care, physical medicine, mental health, health coaching, care navigation and more, and delivers care in surround-sound—in-person, virtually and via asynchronous messaging. Together we are building a community of members that embraces healthcare as a proactive part of their lifestyle.

Job Summary

Job Responsibilities

This role is critical to Crossover’s security and compliance efforts. The ideal candidate will thrive in an environment where every day brings opportunities to learn new technologies, work on projects small and large. This role will focus on Third-Party Risk Management and will be responsible for performing annual and new vendor risk reviews, and supporting internal and external audits including SOC2 and HITRUST Certifications.

  • Perform security vendor risk assessments to evaluate third-party security risks, ensuring all vendors meet Crossover Health’s security standards

  • Assist third party security audits including HITRUST and SOC2 by collecting and reviewing evidence, supporting internal control owners, and coordinating with assessors.

  • Serve as an advisor to TechOps, DevOps, Engineering, HR, and other business units to ensure teams are aware of, and understand, compliance requirements that impact their department

  • Monitor the organization's Security risks, risk registers, and treatment plans. Coordinate with business stakeholders and auditors to perform point-in-time and annual security risk assessments

  • Monitor compliance with Crossover Health’s policies and procedures

  • Assist with internal security risk assessments and communicate findings to stakeholders.

  • Identify policy and process improvement opportunities, develop recommendations, and communicate with stakeholders collaboratively

  • Respond to customer security questionnaires

  • Provide high quality written and verbal reports as required

  • Perform other duties as assigned

Required Qualifications

  • 2+ years experience in an IT, security, compliance, audit or development role

  • Internal audit and/or compliance experience

  • Knowledge of core security controls and systems such as risk analysis quantification and points of escalation

  • Strong understanding of information security principles, including risk assessment and mitigation strategies.

  • A broad understanding of Information Security technologies, programs and systems

  • Coordinate large scale projects such as annual security audits

  • Demonstrated excellence in organizing, prioritizing, and multitasking in a high paced environment

  • Excellent verbal and written communication skills to speak across multiple audiences

  • Excellent analytical and problem-solving skills in the context of information security.

  • Ability to work independently, as well as in a team environment

  • Continuously sought and embraced opportunities to build upon your skills and knowledge

  • Strong organizational and problem solving skills

Preferred Qualifications

  • Prior experience conducting SOC, ISO, PCI and/or SOX audits.

  • Experience running a vendor risk management program or conducting vendor risk assessments

  • Knowledge of cloud technologies and IaaS, PaaS, and SaaS platforms

  • Experience writing and reviewing formal policies and procedures

  • Working knowledge of federal and state healthcare regulations such as HIPAA

  • Working knowledge of privacy laws and regulations such as GDPR & CCPA

  • Prior experience working in healthcare and/or software

  • Security related certifications, such as CISA, CISM, CISSP, CRISC, and/or other professional certifications

The base pay range for this position is $91,881.00 to $119,445 per year. Pay range may vary depending on work location, applicable knowledge, skills, and experience. This position may be eligible for an annual bonus opportunity and comprehensive benefits package that includes Medical Insurance, Dental Insurance, Vision Insurance, Short- and Long-Term Disability, Life Insurance, Paid Time Off and 401K.

Crossover Health is committed to Equal Employment Opportunity regardless of race, color, national origin, gender, sexual orientation, age, religion, veteran status, disability, history of disability or perceived disability. If you need assistance or an accommodation due to a disability, you may email us at careers@crossoverhealth.com.

To all recruitment agencies: We do not accept unsolicited agency resumes and are not responsible for any fees related to unsolicited resumes.

#LI-Onsite