Modernizing Medicine

GRC Analyst

Only, Tennessee, United States

Compensation: Not Specified
Experience Level: Junior (1 to 2 years)
Job Type: Full Time
Visa: Unknown
Industries: Healthcare, Health Technology, Cybersecurity

GRC Analyst (Governance, Risk, and Compliance)

Employment Type: [Not Specified] Location Type: [Not Specified] Salary: [Not Specified]

About Us

We Are Modernizing Medicine (WAMM)! We’re a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany.

Our Accolades:

  • South Florida Business Journal, Best Places to Work 2024
  • Inc. 5000 Fastest-Growing Private Companies in America 2024
  • 2024 Black Book Awards, ranked #1 EHR in 11 Specialties
  • 2024 Spring Digital Health Awards, “Web-based Digital Health” category for EMA Health Records (Gold)
  • 2024 Stevie American Business Award (Silver), New Product and Service: Health Technology Solution (Klara)

Join Us! We are united in our mission to make a positive impact on healthcare.

Position Overview

ModMed is hiring a driven GRC (Governance, Risk, and Compliance) Analyst to support the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk assessment and management, and the ability to collaborate across various departments to enhance our security posture.

Responsibilities

Governance

  • Develop and maintain cybersecurity policies, procedures, and standards.
  • Ensure alignment of cybersecurity practices with business objectives and regulatory requirements.
  • Assist in the creation and management of the cybersecurity governance framework.

Risk Management

  • Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks.
  • Develop and implement risk mitigation strategies and controls.
  • Monitor and report on risk management activities and the effectiveness of controls.

Compliance

  • Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2).
  • Conduct regular audits and assessments to ensure adherence to compliance requirements.
  • Collaborate with internal and external auditors during compliance reviews and audits.

Security Awareness & Training

  • Develop and deliver cybersecurity awareness training materials.
  • Promote a culture of cybersecurity awareness across the organization.
  • Monitor and report on the effectiveness of security awareness initiatives.

Reporting & Documentation

  • Prepare regular reports on GRC activities and metrics for senior security management.
  • Maintain comprehensive documentation of all GRC activities, policies, and procedures.
  • Ensure proper documentation of risk assessments, audit findings, and compliance activities.

Skills & Requirements

  • Education: Bachelor’s degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience.
  • Experience: Minimum of 3-5 years of experience in information security GRC, or related fields.
  • Frameworks & Standards: Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls).
  • Risk Management: Experience with PCI, HIPAA, SOC2, CIS Controls, risk management, and enterprise security risk management. Proficiency in PCI and security risk assessment methodologies and tools.
  • Tools: Experience with GRC tools and technologies.
  • Certifications: PCIP, ISA, CISA Certification (preferred).
  • Healthcare: Familiarity with healthcare industry regulations and standards is a plus.
  • Skills: Excellent problem-solving skills, strong communication and interpersonal skills.

ModMed Benefits Highlight

At ModMed, we believe it’s important to offer a competitive benefits package designed to meet the...

Skills

GRC frameworks
Risk assessment
Cybersecurity policies
Regulatory compliance
Security standards
Cross-department collaboration

Modernizing Medicine

Specialty-specific electronic health record systems

About Modernizing Medicine

Modernizing Medicine provides specialty-specific Electronic Health Records (EHR) systems designed to improve the workflow of healthcare providers. Their main products, EMA and gGastro EHR, help users manage patient information and administrative tasks more efficiently, allowing them to concentrate on patient care. These systems adapt to the specific practices of each user, enhancing their effectiveness. Unlike many competitors, Modernizing Medicine focuses on tailored solutions for various medical specialties, which sets them apart in the healthcare technology market. The company's goal is to streamline healthcare delivery and improve patient outcomes by providing tools that simplify administrative processes.

Headquarters: Boca Raton, Florida
Year Founded: 2010
Total Funding: $360.6M
Company Stage: Late VC
Industries: Biotechnology, Healthcare
Employees: 1,001-5,000

Benefits

Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
Health Savings Account/Flexible Spending Account
Unlimited Paid Time Off
Paid Vacation
Paid Sick Leave
Paid Holidays
Parental Leave
401(k) Retirement Plan
401(k) Company Match
Professional Development Budget
Conference Attendance Budget
Hybrid Work Options
Remote Work Options
Wellness Program

Risks

Potential sale by Warburg Pincus could lead to strategic shifts misaligned with current goals.
Resistance to AI technologies may slow implementation and affect user satisfaction.
Dependency on Medtronic's technology poses risks if partnership faces challenges or strategic changes.

Differentiation

ModMed offers specialty-specific EHR systems, enhancing workflow efficiency for healthcare providers.
Their EHR systems, EMA and gGastro, adapt to user practices, increasing adaptability.
ModMed integrates AI technologies, like Medtronic's GI Genius, to improve procedural accuracy.

Upsides

ModMed consistently ranks #1 in G2's 2024 Grid Reports for EHR and RCM software.
Collaboration with Brevium enhances patient re-engagement, boosting retention in gastroenterology practices.
Appointment of Dan Costantino as CISO strengthens cybersecurity, crucial for healthcare data protection.
