GRC Analyst

ModMed

πŸ“Remote - United States

Summary

Join Modernizing Medicine (ModMed) as a driven GRC Analyst to support the development and implementation of GRC strategies. This role ensures ModMed's adherence to regulatory requirements, industry standards, and cybersecurity best practices. You will conduct risk assessments, develop mitigation strategies, and ensure compliance with regulations like PCI, HIPAA, and SOC2. Responsibilities include developing cybersecurity policies, conducting audits, delivering security awareness training, and preparing GRC reports. The ideal candidate possesses a strong understanding of GRC frameworks, risk management experience, and excellent communication skills. ModMed offers a competitive benefits package, including health insurance, retirement benefits, paid time off, and professional development opportunities.

Requirements

  • Bachelor’s degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience
  • Minimum of 3-5 years of experience in information security GRC, or related fields
  • Experience with PCI, HIPAA, SOC2, CIS Controls, and enterprise security risk management
  • Proficiency in PCI and security risk assessment methodologies and tools
  • Excellent problem-solving skills
  • Strong communication and interpersonal skills
  • Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls)
  • Experience with GRC tools and technologies; PCIP, ISA, or CISA certification

Responsibilities

  • Develop and maintain cybersecurity policies, procedures, and standards
  • Ensure alignment of cybersecurity practices with business objectives and regulatory requirements
  • Assist in the creation and management of the cybersecurity governance framework
  • Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks
  • Develop and implement risk mitigation strategies and controls
  • Monitor and report on risk management activities and the effectiveness of controls
  • Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2)
  • Conduct regular audits and assessments to ensure adherence to compliance requirements
  • Collaborate with internal and external auditors during compliance reviews and audits
  • Develop and deliver cybersecurity awareness training materials
  • Promote a culture of cybersecurity awareness across the organization
  • Monitor and report on the effectiveness of security awareness initiatives
  • Prepare regular reports on GRC activities and metrics for senior security management
  • Maintain comprehensive documentation of all GRC activities, policies, and procedures
  • Ensure proper documentation of risk assessments, audit findings, and compliance activities

Preferred Qualifications

  • Familiarity with healthcare industry regulations and standards is a plus

Benefits

  • Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution
  • 401(k): ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep
  • Generous Paid Time Off and Paid Parental Leave programs
  • Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs
  • Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed
  • Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning
  • Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles
  • Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters
  • Meals & Snacks: Enjoy complimentary office lunches & dinners on select days and healthy snacks delivered to your desk
  • Insurance Coverage: Comprehensive health, accidental, and life insurance plans, including coverage for family members, all at no cost to employees
  • Allowances: Annual wellness allowance to support your well-being and productivity
  • Earned, casual, and sick leaves to maintain a healthy work-life balance
  • Bereavement leave for difficult times and extended medical leave options
  • Paid parental leaves, including maternity, paternity, adoption, surrogacy, and abortion leave
  • Celebration leave to make your special day even more memorable, and company-paid holidays to recharge and unwind
