Senior Security Governance Risk & Compliance Analyst

Summary

Join Alma, a company simplifying access to affordable mental healthcare, as a Senior Security Governance Risk and Compliance (GRC) Analyst. You will be a principal aide to the VP of Security and IT, playing a critical role in fostering a secure environment. Responsibilities include performing risk assessments, maintaining security policies, developing a security awareness program, and managing vendor security. This role requires significant experience in information security, particularly GRC analysis within regulated industries. Alma offers a remote-first work environment and a comprehensive benefits package, including health insurance, 401k, stipends, and parental leave.

Requirements

• Have 5+ years of work experience in Information Security, especially in a GRC analysis role
• Have experience working in health tech or other highly regulated industries (banking, insurance, etc)
• Have experience leading SOC 2 audits and/or HITRUST certifications with minimal findings
• Have experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection automation and continuous compliance
• Strongly understand security best practices and controls frameworks (NIST CSF, NIST 800-53, AICPA Trust Services Criteria, HITRUST CSF, PCI DSS, HIPAA Security Rule, and Breach Notification)
• Have experience implementing security controls and policies that align with AWS security best practices
• Have experience driving security awareness programs, including phishing simulation tools (KnowBe4 or equivalent)
• Have experience performing risk assessments, with an understanding of quantitative risk analysis frameworks (FAIR)
• Have experience writing customer-facing materials in partnership with with product and marketing teams
• Have strong written and verbal communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
• Feel a passion for Alma's mission – to improve the experience of therapy for providers and their clients and simplify access to care

Responsibilities

• Perform risk assessments and reports on Alma’s risk management program
• Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls
• Streamline and maintain Alma’s security policies and standards
• Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI)
• Educate Alma’s staff by creating and managing an effective security awareness program
• Develop our vendor risk program, ensuring our vendors meet Alma security standards
• Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers
• Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities

Benefits

• We’re a remote-first company
• Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
• 401K plan (ADP)
• Monthly therapy and wellness stipends
• Monthly co-working space membership stipend
• Monthly work-from-home stipend
• Financial wellness benefits through Northstar
• Pet discount program through United Pet Care
• Financial perks and rewards through BenefitHub
• EAP access through Aetna
• One-time home office stipend to set up your home office
• Comprehensive parental leave plans
• 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
• Flexible PTO