Lead GRC Analyst

TherapyNotes

💵 $100k-$140k
📍 Remote - United States

Job highlights

Summary

Join TherapyNotes, a leading behavioral health software company, as a Cybersecurity professional. This role requires expertise in cybersecurity compliance, risk management, and security awareness training. You will serve as a liaison for external audits, oversee an internal cybersecurity audit program, and lead a team of GRC Analysts. A strong understanding of regulatory requirements and industry best practices is essential. The position offers a competitive salary, comprehensive benefits, and opportunities for professional development. Let's revolutionize behavioral health software together!

Requirements

  • BS degree from an accredited postsecondary institution or program in Information Security, Risk Management, Business Administration, or related field
  • 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
  • Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
  • Expert in designing, implementing, and maintaining security solutions
  • Experience developing and implementing GRC frameworks, policies, and procedures
  • Expert in OWASP, CIS and/or other security standards and secure configuration baselines
  • Proficiency with cloud-based solutions and web related technologies

Responsibilities

  • Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices
  • Lead the assessment and management of risks across the organization, including conducting risk assessments, identifying gaps, and developing mitigation plans
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
  • Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
  • Provide guidance and training to employees on GRC policies, procedures, and best practices
  • Oversee the execution of audits, assessments, and compliance activities to validate adherence to compliance standards
  • Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
  • Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
  • Mentor and coach GRC analysts, fostering their professional development and growth within the organization
  • Drive the execution and continual improvement of the company’s information security program, including meeting HIPAA-HITECH, state, and GDPR compliance requirements
  • Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
  • Assist with ad-hoc compliance reporting and follow up with customers and/or support partners to ensure all identified vulnerabilities are being addressed
  • Provide support to Information Security Incident Response team during cyber/privacy incidents
  • Validate that information security requirements are built into architectures and new technology projects
  • Ensure the running application and the codebase under development protect the confidentiality, integrity, and availability of our customers' data
  • Evaluate the technical security posture of newly proposed third-party solutions

Preferred Qualifications

Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)

Benefits

  • Competitive salary - $100,000-$140,000
  • Employer sponsored health, dental, vision, life, and disability insurance
  • Retirement plan with company contribution
  • Annual company profit sharing
  • Personal development/training budget
  • Open, collaborative work environment
  • Extensive 2-week onboarding plan
  • Comprehensive mentorship program

Please let TherapyNotes know you found this job on JobsCollider. Thanks! 🙏