Security & Compliance Analyst at Doctor On Demand

About Doctor On Demand

Doctor On Demand’s mission is to improve the world’s health through compassionate care and innovation. We believe that health is personal, and means so much more than treating illness. We're proud of the care we've provided over the years and the relationships we’ve developed with our patients, as evidenced by the 5-star reviews we continually receive. People use our service to gain access to some of the best physicians and licensed therapists in the country, whenever and wherever is most convenient. It’s as simple as opening the Doctor On Demand app on a smartphone or computer.

Through live video visits, our hand-picked, US-trained doctors take patient history, perform an exam, and recommend a treatment plan. Prescriptions, if needed, go directly to the pharmacy of choice. While insurance isn’t required, tens of millions of Americans enjoy covered medical and mental health visits through employer and health plan partnerships. To learn more about the hundreds of medical issues we treat, visit us at


The Security & Compliance Analyst will be the primary point of contact for the company's application and infrastructure-level security at Doctor On Demand. This role is responsible for evaluating existing code and architecture for vulnerabilities, ensuring continuous implementation of SDLC best practices, and managing the penetration testing pipeline.

The Security & Compliance Analyst will maintain the daily operations of the security and compliance programs, under the direction of the program managers. This role is responsible for ensuring the daily operations of the security and compliance programs run efficiently and for organizing evidence gathering for third party audits.


  • Compliance & Security Training Program - maintain up-to-date email templates, coordinate training course updates, ensure high levels of training compliance, and follow up with non-compliant employees.

  • Governance, Risk and Compliance (GRC) System Management - assist in managing day-to-day operations in the GRC system, maintain and respond to alerting, and ensure that evidence and audit activity is gathered correctly from internal teams.

  • Vendor Management - assist in vendor intake and re-assessment process.

  • Security, Legal, and Compliance Helpdesk - run traffic control for incoming tickets, process inbound security and privacy assessment requests, and maintain automation and tickets as needed.

  • Third Party Audits - assist in evidence gathering and answering questions for audits and assessments.

  • Security Tickets for Engineering - manage and track open tickets with engineering, assist in organizing security focused sprints.

  • Serve as backup for crisis coordinator on the incident response team.

  • Record meeting notes at security and compliance meetings.

  • Other duties as assigned. 

Required Skills/Abilities:

  • Excellent communication, planning, organizational, and writing skills.

  • Knowledge of compliance/risk analysis concepts, HIPAA regulations, information security audit standards, and industry best practices.

  • Attention to detail in project management and operational excellence.

  • Track record of developing and maintaining high quality internal policy and procedure documents.

  • Ability to understand deep technical concepts and explain technical or complex analysis to non-technical individuals. 

  • Ability to work on many different projects at the same time; multitasking is a must.

  • Ability to work independently.

  • Familiarity with Google Suite (Gmail, Calendar, Drive) and ticketing systems (Jira).

  • Ability to work under deadlines. 

Education and Preferred Experience:

  • Bachelor's Degree.

  • Minimum of 1+ year of work experience, preferably in a security, compliance, or IT role.

  • Jira Service Desk or other help desk ticketing system experience

  • GRC experience

  • Third party audit experience

  • Healthcare privacy or security experience

  • Experience developing and submitting audit and compliance reports to governing bodies, legal entities, and/or external authorities

  • Experienced in processes for assessing and designing internal controls for large scale organizations

  • Experience assessing security risk for large scale organizations. Specific experience in cloud services organizations

Physical Requirements:

  • Prolonged periods of sitting at a desk and working on a computer.

  • While performing the duties of this job, the employee routinely is required to sit; walk; talk and hear; use hands to keyboard, finger, handle, and feel; stoop, kneel, crouch, twist, crawl, reach, and stretch.

  • Must be able to lift up to and/or move up to 30 lbs.

This is not necessarily an all-inclusive list of job-related responsibilities, duties, skills, efforts, requirements or working conditions. While this is intended to be an accurate reflection of the current job, Doctor On Demand reserves the right to revise the job or to require that other or different tasks be performed as assigned. All job requirements are subject to possible revision to reflect changes in the position requirements or to reasonably accommodate individuals with disabilities. This job description in no way states or implies that these are the only duties that will be required in this position; employees may be required to follow other job-related duties as requested by their supervisor/manager (within guidelines and compliance with Federal and State Laws). Continued employment remains on an “at-will” basis.