Alma

Senior Security Governance Risk & Compliance (GRC) Analyst

United States

Not SpecifiedCompensation
Senior (5 to 8 years)Experience Level
Full TimeJob Type
UnknownVisa
Healthcare, Mental Health, HealthTech, Software & TechnologyIndustries

Position Overview

  • Location Type: Remote
  • Employment Type: Full-time
  • Salary: Not specified

Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

Senior Security Governance Risk & Compliance (GRC) Analyst

Alma is seeking a mission-driven Senior Security Governance Risk and Compliance (GRC) Analyst to join our team. We are dedicated to building secure and compliant tools and services that help providers more easily manage and grow their practice. Acting as a principal aide to the VP of Security and IT, this role will play a critical role in enabling a culture of security at Alma, making security a product differentiator that builds confidence and trust with our providers, and preparing Alma for annual audits and certifications (such as SOC 2 and HITRUST).

Responsibilities

  • Perform risk assessments and reports on Alma’s risk management program.
  • Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls.
  • Streamline and maintain Alma’s security policies and standards.
  • Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI).
  • Educate Alma’s staff by creating and managing an effective security awareness program.
  • Develop our vendor risk program, ensuring our vendors meet Alma security standards.
  • Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers.
  • Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities.

Requirements

  • 5+ years of work experience in Information Security, especially in a GRC analysis role.
  • Experience working in health tech or other highly regulated industries (banking, insurance, etc.).
  • Experience leading SOC 2 audits and/or HITRUST certifications with minimal findings.
  • Experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection.

Skills

Risk Assessments
Security Policies
Security Controls
Audit Preparation
SOC 2
HITRUST
Security Governance
Risk Management

Alma

Digital platform connecting clients with therapists

About Alma

Alma connects individuals seeking mental health services with a variety of therapists through its digital platform, helloalma.com. The platform primarily serves clients looking for therapy for issues like anxiety, depression, personal growth, and relationship challenges. Alma's approach focuses on making therapy more affordable by partnering with insurance companies, allowing clients to save an average of 77% on therapy costs. This affordability is a key aspect that sets Alma apart from other mental health services. Additionally, Alma supports therapists by offering resources for continuing education and professional development, ensuring they are well-prepared to assist their clients. The company emphasizes the importance of the client-therapist relationship, aiming to match clients with therapists who best meet their individual needs. Alma operates on a membership model, where therapists pay a fee to access the platform's resources and client base.

New York City, New YorkHeadquarters
2018Year Founded
$214.5MTotal Funding
SERIES_DCompany Stage
HealthcareIndustries
1,001-5,000Employees

Benefits

Remote Work Options
Health Insurance
Dental Insurance
Vision Insurance
401(k) Retirement Plan
Wellness Program
Home Office Stipend
Parental Leave
Paid Holidays
Unlimited Paid Time Off

Risks

Increased competition from platforms like Headway and SonderMind could impact Alma's market share.
Rapid expansion to 8,000 providers may challenge service quality and support.
Regulatory changes in telehealth reimbursement policies could affect Alma's business model.

Differentiation

Alma partners with insurance companies to make therapy more affordable for clients.
The platform offers a comprehensive suite of tools for therapists, including scheduling and billing.
Alma emphasizes client-therapist matching to ensure personalized and effective therapy sessions.

Upsides

Alma raised $130 million in Series D funding to expand its platform and services.
The decreasing stigma around mental health is increasing demand for Alma's services.
Alma's integration of AI can enhance client-matching algorithms and service delivery.

Land your dream remote job 3x faster with AI