• Job Description

  Req#: 3334572
  We're looking for our next bold leader - a Senior Security Operations Governance, Risk & Compliance (GRC) Analyst - to join our quest to provide market-transforming solutions for businesses, care teams and consumers to interactively manage health and care.
  
  At Medecision, each person contributes uniquely to our mission and our ability to raise the level of experience we provide to all our customers and colleagues. The role of Senior Security Operations Governance, Risk & Compliance (GRC) Analyst is no different, and in fact, plays a key role executing security operations (GRC) strategies in a fast-changing environment where new services and technologies constantly are evolving. The person in this role helps drive Medecision's success by ensuring effective security operations GRC controls and regulatory compliance across the enterprise are being met following a risk-based approach in accordance with established company policies and procedures. They also contribute to our ability to identify vulnerabilities and assess real business risk and work collaboratively with senior stakeholders to build strong relationships which delight our clients.
  
  WHAT WE'RE LOOKING FOR:
  
  The ideal candidate for the role of Senior Security Operations Governance, Risk & Compliance (GRC) Analyst will demonstrate a true passion for building trusting, rewarding customer and employee experiences, operational excellence, and the products and service we provide. They will share our passion for driving improvements in healthcare. They will understand what a successful customer centric organization looks like and feels like and be able to articulate and infuse that ideology cross-functionally throughout the organization. The Senior Security Operations Governance, Risk & Compliance (GRC) Analyst must have the ability to perform at the highest levels, often partnering cross-functionally to build robust risk management and security programs, identifying and mitigating risks, establishing security policies and practices, implementing security controls, and educating stakeholders.
  
  To be successful, the Senior Security Operations Governance, Risk & Compliance (GRC) Analyst will have a knack for working creatively and analytically in a problem-solving environment. They will be someone who specifically possesses a desire to work in a fast paced and highly collaborative environment. On a given day your work will focus on the governance, risk management, and compliance aspects of Medecision's security framework. You will help ensure our organization adheres to regulatory requirements and internal policies while managing risks effectively. It is vital to apply deep security skills to design, build and protect enterprise systems, applications, data, and assets for Medecision and our clients through effective collaboration with a variety of business partners and juggle multiple tasks in a dynamic, fast paced environment.
  
  Are you ready? We are! Join us in our journey to innovate solutions that solve real problems and partner with our clients to transform healthcare.
  
  Location: Remote
  
  Reporting: VP Security
  
  Requirements
  
  WHAT YOU'LL DO:
  
  • Responsible for the planning, design, enforcement and audit of security policies, standards and procedures which safeguard the integrity of and access to enterprise systems, files and data elements, analyzing, tracking and acting on security policy exceptions, audits and assessments.
  • Assess and communicate security risks to stakeholders.
  • Provide guidance on security best practices tailored to specific business needs.
  • Proficiency in risk management and incident response.
  • Provide recommendations for adaptation of processes or policies; recognizing and identifying potential areas where existing security policies, standards and procedures require change, or where new ones need to be developed, especially as a result of future business expansion and technological advances
  • Provide management with analysis via risk assessments and briefings/reports to advise stakeholders of critical security issues that may affect Medecision's business objectives and/or compliance.
  • Evaluates and recommends security controls and/or processes to reduce risk and maintain compliance with applicable policies, mandates, laws and regulations.
  • Implement activities associated with security awareness programs and provides education and training on security policies, standards and practices.
  • Coordinate control assessments and working with appropriate Subject Matter Experts (SMEs) to document remediation plans
  • Serving as a project lead and mentor employees across Medecision in security efforts.
  • Complete other duties as assigned.
  • Comply with all security policies and HITURST controls.
  
  WHAT YOU'LL BRING:
  
  • Minimum of 5 years of IT Security Compliance experience (or equivalent).
  • CISA, CRISC, CISM, Security + and/or other relevant designations highly preferred.
  • Experience assessing compliance with HITRUST (highly valuable) MARS-E, FedRAMP, HIPAA, NIST-CSF,
  • Experience in assessing security requirements in relation to business drivers for the healthcare industry
  • Familiarity with GRC tools and platforms, as well as security technologies such as SIEM and vulnerability management systems. Demonstrated ability to understand technical requirements and translate to security procedures and policies.
  • Demonstrated experience with leading audits in a regulated environment. HITURST framework is highly valuable.
  • Excellent attention to detail
  • Strong interpersonal and customer relationship skills
  • Ability to communicate effectively at all levels; Excellent written English
  • Ability to work independently as needed yet always thinking as part of a team
  
  Target Salary Range: $130,000 - $145,000

• About the company

  The best remote jobs for you

Notice