Security Analyst

Lyra Health

Lyra Health

United States · Remote
Posted on Saturday, October 14, 2023
About Lyra Health
Lyra is transforming mental health care through technology with a human touch to help people feel emotionally healthy at work and at home. We work with industry leaders, such as Morgan Stanley, Uber, Amgen, and other Fortune 500 companies, to improve access to effective, high-quality mental health care for their employees and their families. With our innovative digital care platform and global provider network, 10 million people can receive the best care and feel better, faster. Founded by David Ebersman, former CFO of Facebook and Genentech, Lyra has raised more than $900 million.
We’re looking for an exceptional Security Analyst to join our team - one who cares deeply about making a difference, and is passionate about contributing to the strong security culture here at Lyra.
In this dynamic role, you will have the opportunity to collaborate on various security programs across multiple departments. Program work streams include working closely with business teams; internal partners such as the compliance, technical, and vendor security review teams; as well as interfacing with external auditors and collaborators.
This role can be carried out (hybrid) from our Burlingame, CA headquarters, or remote/virtual (remote candidates must be physically located within the United States).


  • Manage and analyze evidence of security controls from across multiple lines of business
  • Assist with external independent penetration tests, as well as any necessary remediation efforts
  • Conduct 3rd party security audits as part of our overall vendor management program
  • Provide Incident Response support when actionable security incidents are identified
  • Monitor, analyze, and triage security events to ensure we maintain a strong security posture
  • Be a contact point for security, privacy / data protection and data governance policies across the organization


  • 3+ years of experience working within an organization in the areas of security, data protection and/or data governance
  • Experience with GRC process and tools (Archer, ServiceNow, Secureframe)
  • Proficiency with undergoing technical audits and evidence collection
  • Effective communication skills (both written and oral)
  • Exposure and familiarity with multiple data security domains such as third-party security, asset management, endpoint / mobile device security, etc.
  • Understanding of the key security systems within cloud environments such as Intrusion Detection Systems (IDS), Web Application Firewall (WAF), Security Information and Event Management (SIEM)
  • Familiarity with role based access control (RBAC) and identity and access management (IAM)
  • Bachelor's degree in a related field, or equivalent experience with relevant industry certification (Sec+, ISC2 CC, GISF, GSEC)

Desired Experience

  • Working with Security policies and controls in a regulated environment such as HIPAA, GDPR, or FedRamp
  • Familiarity with standard security frameworks such as Health Information Trust Alliance (HiTrust), SOC 2, and ISO 27001
  • Experience working with Amazon Web Services and general cloud security concepts is a plus.

Diversity & Inclusion

  • Diversity, equity, inclusion, and belonging (DEIB) at Lyra is essential to the way we deliver culturally responsive care, build and manage our provider network, and support holistic efforts to strengthen DEIB in workplaces around the world—including our own.
  • People come to Lyra with a range of needs, backgrounds, and abilities that influence their response to mental health support. Our diverse network of providers delivers comprehensive mental health treatment and support rooted in culturally responsive care, a multicultural approach that accounts for the impact of cultural backgrounds on each person’s care experience. Learn more at
We are an Equal Opportunity Employer. We do not discriminate on the basis of race, color, religion, sex (including pregnancy), national origin, age, disability, genetic information or any other category protected by law.
By applying for this position, your data will be processed as per Lyra Health Workforce Privacy Notice. Through this application, we will collect personal information from you including your name, email address, gender identity, employment information, and phone number for the purposes of recruiting and assessing suitability, aptitude, skills, qualifications, and interests for employment with Lyra. We may also collect information about your race, ethnicity, and sexual orientation, which is considered sensitive personal information under the California Privacy Rights Act (CPRA). Providing this information is optional and completely voluntary. If you are a California resident and would like to limit how we use this information, please use the Limit the Use of My Sensitive Personal Information form. This information will only be retained for as long as needed to fulfill the purposes for which it was collected, as described above. Please note that Lyra does not “sell” or “share” personal information as defined by the CPRA. For more information about how we use and retain your information, please see our Workforce Privacy Notice.