TherapyNotes, LLC
TherapyNotes™ is the industry-preferred online EHR for behavioral health. Try one month free!
Lead GRC Analyst
Location: United States
Posted: 10 hours ago
Salary: $125K - $165K / year
Bachelor's degree | 5 yrs experience | English | Cloud
Job Description
• Architect, implement, and continuously mature the organization’s Governance, Risk, and Compliance (GRC) program
• Lead organization-wide risk identification, analysis, and treatment processes
• Lead end-to-end third-party risk management activities
• Conduct formal risk assessments across infrastructure, application, vendor, and business process domains
• Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
• Monitor evolving regulatory requirements, enforcement trends, and industry best practices
• Provide guidance and training to employees on GRC policies, procedures, and best practices
• Oversee the execution of audits, assessments, and compliance activities
• Ensure documentation artifacts support evidentiary requirements for regulatory examinations and certification audits
• Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
• Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
• Mentor and coach GRC analysts, fostering their professional development and growth within the organization
• Drive continual improvement of the organization’s information security program
• Identify and document cyber risks and manage mitigation
• Assist with ad-hoc compliance reporting
• Provide support to Information Security Incident Response team
• Review architectural designs and new technology initiatives
Job Requirements
- BS degree in Information Security, Risk Management, Business Administration, or related field
- 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or Certified in Risk and Information Systems Control (CRISC) strongly preferred
- Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
- Expert in designing, implementing, and maintaining security solutions
- Understanding of modern approaches to GRC such as Policy-as-Code and Compliance-as-Code
- Experience developing and implementing GRC frameworks, policies, and procedures
- Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
- Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
- Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
- Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
- Proficiency with security standards and secure configuration baselines such as CIS or OWASP
- Proficiency with cloud-based solutions and web-related technologies
Benefits
- Employer sponsored health, dental, vision, life, and disability insurance
- Retirement plan with company contribution
- Annual company profit sharing
- Personal development/training budget
- Open, collaborative work environment
- Extensive 2-week onboarding plan
- Comprehensive mentorship program