GRC Analyst

<div class="content-intro">We are united in our mission to make a positive impact on healthcare. Join Us! <ul><li>South Florida Business Journal, Best Places to Work 2024</li><li>Inc. 5000 Fastest-Growing Private Companies in America 2024</li><li>2024 Black Book Awards, ranked #1 EHR in 11 Specialties</li><li>2024 Spring Digital Health Awards, “Web-based Digital Health” category for EMA Health Records (Gold)</li><li>2024 Stevie American Business Award (Silver), New Product and Service: Health Technology Solution (Klara)</li></ul>Who we are:We Are Modernizing Medicine (<a href="https://www.youtube.com/watch?v=NspiqEzcgRQ&t=2s" target="_blank">WAMM</a>)! We’re a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by<a href="https://www.modmed.com/company/leadership/" target="_blank"> Daniel Cane and Dr. Michael Sherling</a>, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany.<hr> </div><a href="https://www.modmed.com/company/" target="_blank">ModMed</a> is hiring a driven GRC Analyst (Governance, Risk, and Compliance) Analyst to support the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk assessment and management, and the ability to collaborate across various departments to enhance our security posture.Your Role:Governance<ul><li>Develop and maintain cybersecurity policies, procedures, and standards.</li><li>Ensure alignment of cybersecurity practices with business objectives and regulatory requirements.</li><li>Assist in the creation and management of the cybersecurity governance framework.</li></ul>Risk Management<ul><li>Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks.</li><li>Develop and implement risk mitigation strategies and controls.</li><li>Monitor and report on risk management activities and the effectiveness of controls.</li></ul>Compliance<ul><li>Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2).</li><li>Conduct regular audits and assessments to ensure adherence to compliance requirements.</li><li>Collaborate with internal and external auditors during compliance reviews and audits.</li></ul>Security Awareness & Training<ul><li>Develop and deliver cybersecurity awareness training materials.</li><li>Promote a culture of cybersecurity awareness across the organization.</li><li>Monitor and report on the effectiveness of security awareness initiatives.</li></ul>Reporting & Documentation<ul><li>Prepare regular reports on GRC activities and metrics for senior security management.</li><li>Maintain comprehensive documentation of all GRC activities, policies, and procedures.</li><li>Ensure proper documentation of risk assessments, audit findings, and compliance activities.</li></ul>Skills & Requirements:<ul><li>Bachelor’s degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience.</li><li>Minimum of 3-5 years of experience in information security GRC, or related fields.</li><li>Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management.</li><li>Familiarity with healthcare industry regulations and standards is a plus.</li><li>Proficiency in PCI and security risk assessments methodologies and tools.</li><li>Excellent problem-solving skills.</li><li>Strong communication and interpersonal skills.</li><li>Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls).</li><li>Experience with GRC tools and technologies PCIP, ISA CISA Certification.</li></ul>#LI-DV1<div class="content-conclusion">ModMed Benefits Highlight:  At ModMed, we believe it’s important to offer a competitive benefits package designed to meet the diverse needs of our growing workforce. Eligible Modernizers can enroll in a wide range of benefits:India<ul><li>Meals & Snacks: Enjoy complimentary office lunches & dinners on select days and healthy snacks delivered to your desk,</li><li>Insurance Coverage: Comprehensive health, accidental, and life insurance plans, including coverage for family members, all at no cost to employees,</li><li>Allowances: Annual wellness allowance to support your well-being and productivity,</li><li>Earned, casual, and sick leaves to maintain a healthy work-life balance,</li><li>Bereavement leave for difficult times and extended medical leave options,</li><li>Paid parental leaves, including maternity, paternity, adoption, surrogacy, and abortion leave,</li><li>Celebration leave to make your special day even more memorable, and company-paid holidays to recharge and unwind.</li></ul>United States<ul><li style="line-height: 1.5;">Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution,</li><li style="line-height: 1.5;">401(k):  ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep.</li><li style="line-height: 1.5;">Generous Paid Time Off and Paid Parental Leave programs,</li><li style="line-height: 1.5;">Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs,</li><li style="line-height: 1.5;">Company-sponsored <a href="https://www.modmed.com/company/social-responsibility/">Business Resource & Special Interest Groups</a> that provide engaged and supportive communities within ModMed,</li><li style="line-height: 1.5;">Professional development opportunities, including tuition reimbursement programs and unlimited access to <a href="https://www.linkedin.com/learning/subscription/topics?src=go-pa&veh=sem_src.go-pa_c.LLS-C_NAMER_All_US_Search_Google-Brand_DR-PRS_Broad_LIL-HeadTerm-Alpha_All_English_Core-MKAG_pkw.linkedin%20learning_pmt.e_pcrid.343926466304_pdv.c_plc._trgid.kwd-47311766595_net.g_learning&trk=sem_src.go-pa_c.LLS-C_NAMER_All_US_Search_Google-Brand_DR-PRS_Broad_LIL-HeadTerm-Alpha_All_English_Core-MKAG_pkw.linkedin%20learning_pmt.e_pcrid.343926466304_pdv.c_plc._trgid.kwd-47311766595_net.g_learning&mcid=6626616148786065462&cname=&camid=664286762&asid=37446315521&targetid=kwd-47311766595&crid=343926466304&placement=&dev=c&ends=1&gclid=Cj0KCQiAmL-ABhDFARIsAKywVaehuw9WLkfw1_Fpjj2ausilUwEui5-YCog3rFfTnqug4lO45n9Wm7waApJ9EALw_wcB&gclsrc=aw.ds">LinkedIn Learning</a>,</li><li style="line-height: 1.5;">Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles,</li><li>Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters.</li></ul><hr>PHISHING SCAM WARNING: ModMed is among several companies recently made aware of a phishing scam involving imposters posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote "interviews," and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from ModMed without a formal interview process, and valid communications from our hiring team will come from our employees with a ModMed email address (<a href="mailto:first.lastname@modmed.com">first.lastname@modmed.com</a>). Please check senders’ email addresses carefully.  Additionally, ModMed will not ask you to purchase equipment or supplies as part of your onboarding process. If you are receiving communications as described above, please report them to the <a href="https://consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams">FTC website</a>.</div>

USA Remote Jobs