Security GRC Analyst at Flatiron Health
We're looking for a GRC Security Analyst to help us accomplish our mission to improve lives by learning from the experience of every cancer patient. Here's what you need to know about the role, our team and why Flatiron Health is the right next step in your career.
What You'll Do
As a member of the Governance, Risk and Compliance (GRC) team, you will develop solutions and processes that further the goals of the organization while ensuring the protection of our patients’ information. In addition, you'll also:
- Lead security-related implementations and projects by coordinating with technical and non-technical teams to ensure success
- Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
- Effectively communicate security needs and business requirements to stakeholders
- Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
- Perform risk-based analysis on proposed projects, vendors, and issue resolution implementations
- Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
- Mature the vendor risk assessment process and evaluate assessments using a risk-based approach
- Develop and maintain relevant risk metrics to promote transparency to peer teams, senior leadership and any other relevant stakeholders
- Assist in maturing the security risk management strategy throughout the enterprise.
- Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
- Promote security education and awareness across Flatiron
Who You Are
You're someone who takes pride in managing security risks within a dynamic enterprise; you’re passionate about identifying issues and working with the appropriate stakeholders to solve them. You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You’re a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact.
- 4+ years relevant experience (Third party risk assessment, NIST 800-53 experience, Interpretation & Maintenance of Security Policies / Standards, Risk Management)
- Experience working with security frameworks (HIPAA, PCI, NIST, ISO, etc.)
- Proven ability to manage risk and projects in a fast-paced environment
- Ability to communicate risk effectively to stakeholders within the organization.
- Superior organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to constantly prioritize and change or adapt to ambiguous situations
- Passionate about healthcare and the fight against cancer
If this sounds like you, you'll fit right in at Flatiron.
- You have HIPAA experience
Why You Should Join Our Team
A career at Flatiron is a chance to work with everyone involved in the future of cancer care and research—all under one roof. Researchers, data scientists, designers, clinicians, technologists and many more all work together to improve cancer care and accelerate research.
At Flatiron, we strive to build and maintain an environment where employees from all backgrounds are valued, respected and have the opportunity to succeed. You'll also find a culture of continuous learning, broad and inclusive employee support offerings, and a commitment to supporting our team members in all aspects of their lives—at home, at work and everywhere in between. We offer:
- Flatiron University training curriculum which includes presentation skills, meeting mastery, coding languages and more
- Career coaching opportunities
- Hackathons for all employees (not just our engineers!)
- Employee Resource Groups (ERGs) that encourage our employees to share their unique experiences and perspectives
- Professional development benefit for attending conferences, industry events and external courses
- Work/life autonomy via flexible work hours and flexible paid time off
- Generous parental leave (16 weeks for either parent)
- Back-up child care
- Flatiron-sponsored fitness classes
Flatiron Health is proud to be an Equal Employment Opportunity employer.
We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.