Summary
Join Alma, a company simplifying access to affordable mental healthcare, as a Senior Security Governance Risk and Compliance (GRC) Analyst. You will be a principal aide to the VP of Security and IT, playing a critical role in fostering a secure environment. Responsibilities include performing risk assessments, maintaining security policies, developing a security awareness program, and managing vendor security. This role requires significant experience in information security, particularly GRC analysis within regulated industries. Alma offers a remote-first work environment and a comprehensive benefits package, including health insurance, 401k, stipends, and parental leave.
Requirements
- Have 5+ years of work experience in Information Security, especially in a GRC analysis role
- Have experience working in health tech or other highly regulated industries (banking, insurance, etc.)
- Have experience leading SOC 2 audits and/or HITRUST certifications with minimal findings
- Have experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection automation and continuous compliance
- Strongly understand security best practices and controls frameworks (NIST CSF, NIST 800-53, AICPA Trust Services Criteria, HITRUST CSF, PCI DSS, HIPAA Security Rule, and Breach Notification)
- Have experience implementing security controls and policies that align with AWS security best practices
- Have experience driving security awareness programs, including phishing simulation tools (KnowBe4 or equivalent)
- Have experience performing risk assessments, with an understanding of quantitative risk analysis frameworks (FAIR)
- Have experience writing customer-facing materials in partnership with product and marketing teams
- Have strong written and verbal communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
- Feel a passion for Alma's mission – to improve the experience of therapy for providers and their clients and simplify access to care
Responsibilities
- Perform risk assessments and report on Alma’s risk management program
- Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls
- Streamline and maintain Alma’s security policies and standards
- Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI)
- Educate Alma’s staff by creating and managing an effective security awareness program
- Develop our vendor risk program, ensuring our vendors meet Alma security standards
- Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers
- Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities
Benefits
- We’re a remote-first company
- Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
- 401K plan (ADP)
- Monthly therapy and wellness stipends
- Monthly co-working space membership stipend
- Monthly work-from-home stipend
- Financial wellness benefits through Northstar
- Pet discount program through United Pet Care
- Financial perks and rewards through BenefitHub
- EAP access through Aetna
- One-time home office stipend to set up your home office
- Comprehensive parental leave plans
- 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
- Flexible PTO