Overview
Job Description
The Senior Security GRC Analyst is responsible for implementing and managing the day-to-day operation of the organization's information security program and plays a critical role in ensuring Forefront’s technology and information assets are appropriately guarded from external and internal threats. The Sr GRC Analyst provides guidance and helps make critical decisions about security risk assessment, solutions, and the organization's ongoing evolution of its IT security program.
This position will review systems and third-party solutions to identify potential security weaknesses, recommend improvements to amend vulnerabilities, implement changes, and document upgrades. The Senior Security GRC Analyst will also work to ensure that the company's IT networks, applications, and infrastructure meet all applicable regulatory and compliance requirements while engaging with other IT and Business teams in the organization.
Full Time: 40 hours a week
Salaried
Remote
Monday - Friday
Additional Benefits Include
- Paid Time Off (PTO) (start accruing on first day of employment)
- Paid Company Holidays
- Eligibility for Health, Dental, and Vision coverage, and flexible and health spending accounts, subject to the plan terms. Benefits begin the first of the month following date of hire.
- 401(k) retirement plan starts 3 months after the first of the month following date of hire.
- Free Professional, confidential consultation, 24 hour a day via phone for employees and their eligible dependents from our Employee Assistance Program.
- Employer provided $20,000 Basic Life/AD&D coverage, Short Term and Long Term Disability Insurance coverage.
- Eligible for and Voluntary Life Insurance, and Voluntary Insurance options, which include: Pet Insurance, and ID Theft/Device Protection Insurance, Accident Coverage, Critical Illness Coverage, Hospital Indemnity Coverage, and Cancer Risk & Support Coverage.
- Employee discounts on services offered at Forefront Dermatology
Responsibilities
- Lead risk assessment processes to identify, evaluate, and mitigate security risks related to healthcare data, applications, and infrastructure.
- Maintain and improve the Risk Register, ensuring that all risks are documented, prioritized, and addressed according to company risk tolerance levels.
- Lead internal audits and readiness assessments for regulatory compliance and external audits, including coordinating with third-party assessors.
- Monitor and assess the effectiveness of security controls and compliance processes, identifying areas for continuous improvement.
- Conduct security risk assessments for vendors, third-party applications, and service providers handling sensitive information.
- Ensure that third-party contracts include security and compliance requirements, conducting ongoing reviews of their security postures.
- Develop and deliver security awareness training programs focused on GRC and regulatory compliance for internal staff, including healthcare professionals.
- Work closely with the Security Operations team to ensure proper incident management and resolution processes are in place for security incidents.
- Provide guidance and support in creating detailed documentation of incidents, including root cause analysis and after-action reviews.
- Act as a GRC subject matter expert, providing ongoing coaching and support to various departments.
- Identify, develop, manage, and report operational cybersecurity metrics in security GRC areas in alignment with established security frameworks and maintain security metric data and dashboard.
- Serve as a liaison between the security team and business units, fostering a culture of security and compliance across the organization.
- Mentor and guide less experienced members of the GRC and Information Security team.
- Adherence to compliance and completion of compliance training
- Performs other related duties as assigned.
Qualifications
Education & Experience:
- Bachelor’s degree in Information Security, Cybersecurity, Information Technology, or related field. Master’s degree or equivalent experience is a plus.
- Professional certifications such as CISM, CISA, CRISC, HITRUST CCSFP or other security relevant certifications preferred
- 5+ years of experience in security governance, risk, and compliance, preferably in the healthcare sector.
- Experience in healthcare regulations such as HIPAA, HITRUST, and PCI DSS, and familiarity with frameworks such as NIST, ISO 27001, and SOC 2.
- Experience in technology controls review, risk assessment, and policy review.
- Experience leading audits and assessments related to healthcare compliance (e.g., HIPAA, HITRUST certification, SOC 2).
Knowlwdge, Skills And Abilites
- Strong understanding of healthcare data security, privacy regulations, and best practices.
- Familiarity with TPRM and GRC platforms (e.g., OneTrust, LogicGate, Vanta).
- Familiarity with Training and Awareness tools and platforms (e.g., KnowBe4, Proofpoint, Microsoft, Cofense).
- Familiarity with Microsoft, AWS, or Google Cloud.
- Excellent written and verbal communication skills including the ability to articulate complex issues to both technical and non-technical stakeholders.
- Ability to work effectively with stakeholders across departments and affiliated organizations.
- Action-oriented with high standard for quality and performance.
- Excellent problem solving and strong project management skills.
#INDAMA