Governance Risk and Compliance (GRC) Lead

Governance Risk and Compliance (“GRC”) Lead

Enlace Health delivers the only end-to-end solution that solves the infrastructure challenges driving today’s unsustainable healthcare system. Connecting payers, providers, and patients, Enlace™ empowers any type of healthcare delivery model, from facilitating retrospective programs to enabling risk for prospective programs. Combining executive-level healthcare DNA with an extensible technology platform, Enlace is the bridge from chaotic healthcare to the healthcare world when Triple Aim optimization is truly realized.

At Enlace Health, our people are our greatest asset. Our culture is founded upon integrity, hard work, and the relentless pursuit to make a difference. We think creatively, we like a challenge and draw inspiration from each other. As the Governance Risk and Compliance (“GRC”) Lead, you will be responsible for leading and scaling Enlace’s GRC program through continuous monitoring and automation. This role will run day-to-day operations of our HITRUST assessments, including document collection and coordination with our external assessors. This person will have an active role in the evolution of our security program, and a tremendous opportunity for growth. 

This role is right for you if:

• You have a passion for business, and you seek understanding of the incentives and financial structures of business (ranging from healthcare to the unit economics of the store down the street)
• You are passionate about security or have an interest in learning more. While you would come in expected to lead the GRC program, rotation into security analyst and engineering areas could be performed.
• You’re excited about contributing to the rapid growth of a mission-driven healthcare technology company
• You’re characterized by others as a relationship builder
• Lack of automation frustrates you and your curiosity and frustration drives you to create automations

Essential duties include:

• Run and maintain the Enlace HITRUST program.
• Respond to client requests as it relates to internal security protocols and systems.
• Work with our external partner to perform vendor security reviews.
• Build automations into out HITRUST program to decrease work effort while maintaining or increases assurance level.
• Review new and existing business processes to determine security and IT risks.
• Support organizational audit needs as necessary.
• Enhance and maintain internal security alert systems.

Position Requirements:

• 3+ years of experience in an audit, consulting, IT, or security role.
• Bachelor’s degree in computer science, MIS, accounting, business or similar technology discipline a plus. A technology focused Bootcamp graduate (especially with a strong business background) would be strongly considered as well.
• Familiarity with HITRUST or similar security auditing types (SOC 2, NIST, etc.).
• CISA, CISSP, CEH, and/or AWS Certification is a plus.
• Desire to work cross functionally to weave security into the company culture.
• Interest in coming up with creative solutions and automating processes.
• Experience automating processes in support of security programs.
• Experience with Hyperproof (or similar GRC systems) a plus.
• Deep understanding of and familiarity with AWS native security services.
• History of creative problem solving rather than strictly “by the book” solutioning.
• Confident interacting with stakeholders of varying degrees of seniority.
• Excellent written and verbal communication skills.

Position Perks:

Enlace Health offers competitive benefits and perks to all our employees! Our comprehensive benefits package is one of the many ways we show our employees how valued they are. All full-time employees are eligible for the following:

• FREE medical, dental, and vision insurance for employees on select plans
• $600 annual contribution into qualifying HSAs
• UNLIMITED time off
• Matching 401(k) plan
• Mac laptop and accessories
• Company-paid short-term and long-term disability
• Company-paid life insurance
• Annual professional development stipend

All employees are required to maintain confidentiality as related to patient information. Employees are required to follow the acceptable use policy while using any information systems owned or controlled by Enlace. Any disclosures of confidential information made unlawfully outside the proper course of duty will be treated as a serious disciplinary offense. Security roles and responsibilities include:

• Implementing and acting in accordance with the organization’s information security policies
• Protecting assets from unauthorized access, disclosure, modification, destruction, or interference
• Executing particular security processes or activities
• Ensuring responsibility is assigned to the individual for actions taken