GRC Analyst- Compliance

Job Description: Artificial Intelligence; Advanced Technology; The very best in patient care. With decades of expertise, RadNet isLeading Radiology Forward. With dynamic cross-training and advancement opportunities in a team-focused environment, the core of RadNet’s success is its people with the commitment to a better healthcare experience. When you join RadNet as aGovernance, Risk and Compliance Analyst, you will be joining a dedicated team of professionals who deliver quality, value, and access in the 21st century and align all stakeholders- patients, providers, payors, and regulators to achieve the best clinical outcomes. You Will: • Evaluate IT systems, processes, and policies against regulatory requirements and industry standards. • Stay informed on evolving regulations, industry standards, and best practice in IT compliance. • Develop, update, and maintain IT policies, procedures, and guidelines in alignment with industry standards, compliance frameworks, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST, HIPAA, GDPR, SOX). • Support internal stakeholders in understanding and implementing compliance requirements. • Work with IT Cyber and Security teams, Compliance, Legal, Internal Audit, and External Auditors, as well as act as a member of RadNet’s IS Policies and Procedures Committee. • Work closely with key stakeholders to conduct business impact assessments across multiple areas of the business. • Maintain RadNet’s enterprise risk register. • Conduct risk assessments to identify, analyze, and mitigate security and compliance risks. • Assist in third-party vendor risk management (VRM) by evaluating security controls and compliance posture. • Align policies and procedures with documentation requirements for all required compliance frameworks. • Identify process and procedure gaps between current IT practices and compliance requirements, and collaborate with internal stakeholders to develop and implement necessary workflows. • Support internal and external audits (SOC 1&2, HIPAA, SOX etc.) by gathering evidence and ensuring control effectiveness. • Coordinate with cross-functional teams to address compliance gaps and implement corrective actions. • Document audit compliance activities and track remediation efforts to completion. • Work closely with key stakeholders and system owners in the ongoing development of BC/DR plans. • Regularly update and test BC/DR plans to ensure readiness in the event of an incident. • Help ensure BC/DR documentation aligns with operational resilience requirements. • Support initiatives related to data security awareness training. • Assist in the development of security awareness programs to educate employees on security best practices. • Collaborate with IT security and compliance teams to ensure secure data handling and protection measures. Collaborate with Compliance Team to develop, track, and report on Security related training initiatives. • Create and maintain data flow diagrams and workflow diagrams as needed to support security, compliance, and operational initiatives. • Collaborate with IT and business teams to ensure diagrams accurately represent current processes and data flows. If You Are: • Exercise sound judgement and an ability to remain professional in all situations. • You demonstrate effective and professional communication, interpersonal skills and respect with patients, guests & colleagues. • You have a structured work-approach, understand complex problems and you are able to prioritize work in a fast-paced environment. To Ensure Success in This Role, You Must Have: • College education or work experience in a related field is required. • Strong understanding of risk assessment methodologies and risk mitigation strategies. • Previous experience in a GRC, IT security, risk management, or compliance role. • Ability to translate technical or complex concepts into user-friendly language. • Ability to collaborate, working closely with both functional and technical teams. • Ability to remain flexible as priorities change, adaptable to change, and able to accept ambiguity. • Ability to work independently and within a team environment. • Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, PCI-DSS. • Ability to communicate compliance and security concepts to both technical and non-technical audiences. • Experience in a regulated industry such as healthcare, finance, or technology. • Experience with GRC tools (e.g., Cybersaint, Archer, LogicGate). • CISSP, CISA, CRISC, CRCP certifications are a plus. • Strong understanding of application, operating system and database security controls. • Strong analytical skills. • Excellent communication skills including speaking in front of others. • Must be meticulously organized and self-motivated. • Writing skills, a must. • Strong interpersonal skills. • Ability to bring projects to completion. • Proven ability to work independently with minimal supervision. • Willingness to do some travel, 10% of time. We Offer: • Comprehensive Medical, Dental and Vision coverages. • Health Savings Accounts with employer funding. • Wellness dollars • 401(k) Employer Match • Free services at any of our imaging centers for you and your immediate family. #corpwest #compliance #grc #cissp #cisa #crcp #soc1 #soc2Pay Range: USD $70,000.00 - USD $90,000.00 /Yr.