Security GRC Analyst
We're looking for a GRC Analyst to help us accomplish our mission to improve lives by learning from the experience of every cancer patient. Here's what you need to know about the role, our team and why Flatiron Health is the right next step in your career.
What You'll Do
As a member of the Governance, Risk and Compliance (GRC) team within Flatiron’s Information Security team, you will develop solutions and processes that further the goals of the organization while ensuring the protection of our patients’ information. In addition, you'll also:
- Lead Security related implementations and projects by coordinating with technical and non-technical teams to ensure success
- Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and third party vendors
- Effectively communicate security needs and business requirements to stakeholders
- Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
- Perform risk based analysis on proposed projects, vendors, and issue resolution implementations
- Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
- Mature the vendor risk assessment process and evaluate assessments using a risk based approach
- Develop and maintain relevant risk metrics to promote transparency to peer teams, senior leadership and any other relevant stakeholders
- Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
- Promote security education and awareness across Flatiron
Who You Are
You're a Security innovator who is excited about developing solutions. You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You’re a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact.
- You have proven ability to manage risk and projects in a fast paced environment
- You have the ability to constantly prioritize and change or adapt to ambiguous situations
- You have 4+ years of relevant experience
- You are passionate about healthcare and the fight against cancer
- You have strong organizational skills and attention to detail
- You have excellent interpersonal, writing and communication skills
- You have experience working with security frameworks (HIPAA, PCI, NIST, ISO etc)
If this sounds like you, you'll fit right in at Flatiron.
- HIPAA experience
- Startup experience
Why You Should Join Our Team
A career at Flatiron is a chance to work with everyone involved in the future of cancer care and research—all under one roof. Researchers, data scientists, designers, clinicians, technologists and many more all work together to improve cancer care and accelerate research.
You'll also find a culture of continuous learning, broad and inclusive employee support offerings, and a commitment to supporting our team members in all aspects of their lives—at home, at work and everywhere in between. We offer:
- Flatiron University training curriculum which includes presentation skills, meeting mastery, coding languages and more
- Career coaching opportunities
- Hackathons for all employees (not just our engineers!)
- Professional development benefit for attending conferences, industry events and external courses
- Work/life autonomy via flexible work hours and flexible paid time off
- Generous parental leave (16 weeks for either parent)
- Back-up child care
- Flatiron-sponsored fitness classes
Flatiron Health is proud to be an Equal Employment Opportunity employer.
We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.