Governance, Risk, Compliance (GRC) Analyst

View full description

Requirements:

• Self-starter with minimal supervision.
• 5+ years of hands-on experience in Information Security certifications.
• Proven success in leading SOC 2, ISO 27001, PCI-DSS, and HITRUST frameworks.
• Experience in Vendor Risk Management Programs and third-party audits.
• Demonstrated experience in audits and compliance in healthcare and AI.
• Excellent communication and leadership skills.
• In-depth knowledge of relevant laws and regulations in healthcare.
• Strong analytical and problem-solving skills.

Responsibilities:

• Leading the implementation and maintenance of compliance frameworks such as SOC 2, ISO 27001, HITRUST, and PCI-DSS.
• Working closely with the Director of Risk and Compliance to improve GRC programs.
• Taking ownership of compliance certifications and audits.
• Mentoring junior team members and fostering a culture of learning.
• Conducting risk assessments and managing third-party vendor risks.
• Spearheading audits and ensuring compliance preparation and follow-up.
• Enhancing processes for security assessments and compliance training.