GRC Security Analyst

Flatiron Health
Summary
Join Flatiron Health as a GRC Security Analyst and contribute to improving cancer care. Support security implementations, facilitate audits, identify and solve data security issues, and communicate effectively with stakeholders. Perform risk analysis, test controls, mature vendor risk assessment processes, and respond to client questionnaires. Promote security education and awareness. This remote position offers flexible work hours and a comprehensive benefits package, including paid time off, 401(k) contributions, financial health resources, mental well-being tools, parental benefits, and more. The ideal candidate possesses 3+ years of relevant experience in third-party risk assessment, NIST 800-53, security audits, and working with security frameworks (HIPAA, PCI, NIST, ISO). Excellent communication and organizational skills are essential.
Requirements
- 3+ years of relevant experience (third-party risk assessment, NIST 800-53, interpretation and maintenance of security policies and standards, risk management)
- 3+ years of audit experience (planning, leading, facilitating security audits)
- Experience working with security frameworks (HIPAA, PCI, NIST, ISO, etc.)
- Proven ability to manage risk and projects in a fast-paced environment
- Ability to communicate risk effectively to stakeholders within the organization
- Superior organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to constantly prioritize and change or adapt to ambiguous situations
- Passionate about healthcare and the fight against cancer
Responsibilities
- Support security-related implementations and projects by coordinating with technical and non-technical teams to ensure success
- Facilitate product- and organization-specific audits to maintain compliance with regulatory requirements
- Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
- Effectively communicate security needs and business requirements to stakeholders
- Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
- Perform risk-based analysis of proposed projects, vendors, and issue-resolution implementations
- Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
- Mature the vendor risk assessment process and evaluate assessments using a risk-based approach
- Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
- Promote security education and awareness across Flatiron
Preferred Qualifications
- HIPAA experience
Benefits
- Work/life autonomy via flexible work hours and flexible paid time off
- Comprehensive compensation package
- 401(k) contribution to help you reach your retirement planning goals
- Financial health resources including 1:1 financial advice
- Mental well-being tools and services
- Parental benefits and policies including family-building care and generous leave
- Path to parenthood programs supporting fertility, adoption and surrogacy
- Travel support for safe healthcare services