Lead GRC Analyst

Logo of TherapyNotes

TherapyNotes

πŸ’΅ $100k-$140k
πŸ“Remote - United States

Job highlights

Summary

Join us at TherapyNotes and revolutionize behavioral health software together while making a real difference! We're seeking an experienced cyber security professional to join our team of technology enthusiasts.

Requirements

  • BS degree from an accredited postsecondary institution or program in Information Security, Risk Management, Business Administration, or related field
  • 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
  • Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
  • Expert in designing, implementing, and maintaining security solutions
  • Experience developing and implementing GRC frameworks, policies, and procedures
  • Expert in OWASP, CIS and/or other security standards and secure configuration baselines
  • Proficiency with cloud-based solutions and web related technologies

Responsibilities

  • Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices
  • Lead the assessment and management of risks across the organization, including conducting risk assessments, identifying gaps, and developing mitigation plans
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
  • Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
  • Provide guidance and training to employees on GRC policies, procedures, and best practices
  • Oversee the execution of audits, assessments, and compliance activities to validate adherence to compliance standards
  • Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
  • Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
  • Mentor and coach GRC analysts, fostering their professional development and growth within the organization
  • Drive the execution and continual improvement of the company’s information security program, including meeting HIPAA-HITECH, state, and GDPR compliance requirements
  • Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
  • Assist with ad-hoc compliance reporting and follow up with customers and/or support partners to ensure all identified vulnerabilities are being addressed
  • Provide support to Information Security Incident Response team during cyber/privacy incidents
  • Validate that information security requirements are built into architectures and new technology projects
  • Ensures the running application and developing codebase protects the confidentiality, integrity, and availability of our customer's data
  • Evaluate the technical security posture of newly proposed third-party solutions

Benefits

  • Competitive salary - $100,000-$140,000
  • Employer sponsored health, dental, vision, life, and disability insurance
  • Retirement plan with company contribution
  • Annual company profit sharing
  • Personal development/training budget
  • Open, collaborative work environment
  • Extensive 2-week onboarding plan
  • Comprehensive mentorship program

Share this job:

Disclaimer: Please check that the job is real before you apply. Applying might take you to another website that we don't own. Please be aware that any actions taken during the application process are solely your responsibility, and we bear no responsibility for any outcomes.

Similar Remote Jobs

Please let TherapyNotes know you found this job on JobsCollider. Thanks! πŸ™