Cyber GRC Analyst

ModMed is hiring a driven Cyber GRC (Governance, Risk, and Compliance) Analyst who will be responsible for supporting the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk assessment and management, and the ability to collaborate across various departments to enhance our security posture within a fast-paced Healthcare IT company that is truly Modernizing Medicine!

Your Role:

• Develop and maintain cybersecurity policies, procedures, and standards
• Ensure alignment of cybersecurity practices with business objectives and regulatory requirements
• Assist in the creation and management of the cybersecurity governance framework
• Conduct risk assessments on third-parties to identify and evaluate potential cybersecurity risks
• Develop and implement risk mitigation strategies and controls
• Monitor and report on risk management activities and the effectiveness of controls
• Ensure compliance with industry regulations and standards (e.g., HIPAA)
• Conduct regular audits and assessments to ensure adherence to compliance requirements
• Collaborate with internal and external auditors during compliance reviews and audits
• Develop and deliver cybersecurity awareness training materials 
• Promote culture of cybersecurity awareness across the organization
• Monitor and report on the effectiveness of security awareness initiatives
• Prepare regular reports on GRC activities and metrics for senior security management
• Maintain comprehensive documentation of all GRC activities, policies, and procedures
• Ensure proper documentation of risk assessments, audit findings, and compliance activities 

Skills & Requirements:

• Bachelor’s degree or equivalent education and experience
• Minimum of 3-5 years of experience in information security GRC, or related fields 
• Experience with third-party risk management, enterprise security risk management, and security awareness
• Proficiency in risk assessment methodologies and tools
• Excellent problem-solving skills
• Strong communication and interpersonal skills
• Familiarity with healthcare industry regulations and standards is a plus
• Strong understanding of security frameworks and standards (e.g., NIST CSF, HITRUST)
• Experience with GRC tools and technologies
• CISSP Certification
• CISM Certification

#LI#LA1