GRC Analyst at VillageMD
Join the frontlines of today's healthcare transformation
We're looking for a GRC Analyst to help us transform the way primary care is delivered and how patients are served.
VillageMD is changing the trajectory of healthcare. We’re empowering primary care physicians to make informed decisions, and engaging patients in meaningful ways. We work with thousands of clinicians and healthcare disruptors across the country, improving patient health while driving down the cost to deliver it.
We are a mission-oriented organization, and we are thrilled about the work that we accomplish every day. We’re transparent. Collaborative. Relentless in pursuit of our mission. With a confidence to lead but the humility to never stop learning. We believe that diverse backgrounds and experiences create the best opportunity for innovation. And we know that the community we are growing is greater than any one individual.
We’ve built our technology using the best of cloud and open-source technologies to create an open, data-first platform that is enriched with analytical models and connected to the most modern internal and external apps. These apps drive clinical decision support, patient engagement and other facilitators of innovative, information-enriched health experiences.
Could this be you?
We are seeking a GRC Analyst who can perform the fundamental tasks assigned and fulfill the daily operations of Compliance, Governance and Security Awareness Programs.
How you can make a difference
During your first year, you can expect the following professional challenges:
- Work with business and technology delivery teams to define and maintain an effective suite of controls adapting to changes in products, business processes and technology solutions
- Partner with internal and external groups that periodically assess control effectiveness to ensure that these assessments are conducted in a smooth and efficient manner and that any issues and exceptions identified in the operation of controls are promptly and enduringly corrected
- Maintain an accurate and continuously updated inventory of IT controls including their objectives, operational processes, and responsible control owner
- Collaborate with IT control owners to continuously monitor control effectiveness and act as a trusted advisor to business and technology leadership on the design and effective operation of controls
- Continuously assess technology delivery and operation within VillageMD to identify process, technology operation, regulatory, or compliance risks and develop the necessary strategies to reduce and/or remediate these risks
- Facilitate communication and coordinated action across VillageMD and enterprise leadership to track and address identified risks
- Assist VMD technology and business leaders with remediation efforts
- Maintain and report metrics over the VMD compliance program for various stakeholders
- Work with the GRC management team to advance the VMD Security Awareness program
- Ensure compliance with applicable business, industry, and regulatory standards
- Assist the Vendor Risk Lead with vendor review activities.
- Oversee and participate in the completion and analysis of clinic audits
Skills for success
As a successful VillageMD a GRC Analyst you possess:
- Strong organizational and process documentation skills
- The ability to create and refine processes that are adaptable but wildly scalable
- Think clearly, communicate concisely, and collaborate always.
- Thrive in a fast-paced environment, with, at times, minimal guidance, and absorb information quickly to create a plan to execute against.
- A low ego; an ability to gain trust by doing what you say you will do
- The ability to adapt to changing priorities and business/IT demands.
Experience to drive change
- Experience building or optimizing an enterprise GRC program, preferably within a healthcare technology environment.
- 3+ years in the Security Operations, with focus on achieving compliance with industry accepted frameworks and regulatory policy including, but not limited to NIST 800-53, HITRUST, HIPAA etc.
- History of optimization of process and projects across functional areas
- Track record of successfully executing projects in collaboration with both technical and non-technical stakeholders.
- Consulting experience preferred
- CISSP, CISM, CISA or comparable security certification or working towards preferred
- Graduate Degree (MBA, MIS, etc.) or working towards preferred, but not necessary.
What can we offer you?
- Competitive salary, bonus, and health benefits
- Paid gym membership
- Fun, fast-paced, startup environment (with snacks)
- Pre-tax savings on commute expenses
- Remote flexibility
- A highly-collaborative, conscientious, forward-thinking environment that welcomes the impact you can make from Day 1.
- A clear link between our daily work on products and services and the improved quality of healthcare that this work facilitates for patients.
At VillageMD, we see diversity and inclusion as a source of strength in transforming healthcare. We believe building trust and innovation are best achieved through diverse perspectives. To us, acceptance and respect are rooted in an understanding that people do not experience things in the same way, including our healthcare system. Individuals seeking employment at VillageMD are considered without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.