Head of GRC at Flatiron Health
We're looking for a Security Governance Risk & Compliance Manager to help us accomplish our mission to improve lives by learning from the experience of every cancer patient. Here's what you need to know about the role, our team and why Flatiron Health is the right next step in your career.
What You'll Do
The information security compliance program is a crucial tool in maintaining our commitment to best-in-class information security standards and benchmarks across all of Flatiron. Measuring security is never a check-box exercise; we think of our Security Governance, Risk and Compliance program as a crucial and advanced situational-awareness function that drives key security investments and risk decisions. In this role, you'll work with the security team to surface and measure information security risk and oversee HIPAA Security Rule compliance, reporting to our CISO. Your efforts will help shape the security investments and strategy that protect patient data.
In addition, you'll also:
- Measure, report on and mature Flatiron's information security standards, policies and controls across the entire enterprise
- Update and develop new security-related policies, procedures, and guidance documents as needed
- Respond to client information security risk assessment questionnaires
- Conduct risk assessments to judge the effectiveness of existing security controls and recommend improvements
- Educate business and technical clients through training and security awareness programs
- Work with Product Managers and other stakeholders to develop and drive consensus around creative solutions to security-by-design challenges
- Communicate security decisions to broader cross-functional teams, and ensure that those decisions are properly implemented
- Manage external and customer audit responsibilities
- Develop the security audit plan for third-party vendors
Who You Are
You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You’re a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact.
- You have 4+ years of direct involvement in, or support of, information security governance, risk and compliance initiatives at enterprise scale
- You have a bachelor’s degree in a related field
- You have strong knowledge of security and risk frameworks such as HITRUST, NIST CSF, NIST SP 800-53 and the CIS Benchmarks for AWS
- You have firm knowledge of industry-standard security solutions such as firewalls, anti-virus, network intrusion detection, data loss prevention and encryption
- You have experience organizing, coordinating, multi-tasking and driving process improvements within a security program
- You are interested in working in a collaborative and creative environment
If this sounds like you, you'll fit right in at Flatiron.
Why You Should Join Our Team
A career at Flatiron is a chance to work with everyone involved in the future of cancer care and research—all under one roof. Researchers, data scientists, designers, clinicians, technologists and many more all work together to improve cancer care and accelerate research.
At Flatiron, we strive to build and maintain an environment where employees from all backgrounds are valued, respected and have the opportunity to succeed. You'll also find a culture of continuous learning, broad and inclusive employee support offerings, and a commitment to supporting our team members in all aspects of their lives—at home, at work and everywhere in between. We offer:
- Flatiron University training curriculum which includes presentation skills, meeting mastery, coding languages and more
- Career coaching opportunities
- Hackathons for all employees (not just our engineers!)
- Professional development benefit for attending conferences, industry events and external courses
- Work/life autonomy via flexible work hours and flexible paid time off
- Generous parental leave (16 weeks for either parent)
- Back-up child care
- Flatiron-sponsored fitness classes
Flatiron Health is proud to be an Equal Employment Opportunity employer.
We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.