GRC Senior Analyst (Risk Management)

Reimagine the infrastructure of cancer care within a community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
We're looking for a Security GRC Senior Analyst to help us accomplish our mission to improve and extend lives by learning from the experience of every person with cancer. Are you ready to be the next changemaker in cancer care?
What You'll Do
As a member of the Governance, Risk and Compliance (GRC) team, you will develop solutions and processes that further the goals of the organization while ensuring the protection of our patients' information. In addition, you'll also:

• Provide oversight to the Security Risk Management function and help create / drive it's strategic roadmap
• Create and deliver security metrics and risk indicators to our external stakeholders to help inform the business areas of their risk posture and enable the business to make informed risk decisions
• Assist in maturing the security risk management strategy throughout the enterprise.
• Maintain processes and playbooks related to security metrics reporting
• Provide oversight for Security's Plan of Action (POAM) and Exception process.
• Perform risk based analysis on proposed projects, vendors, and issue resolution implementations
• Lead Security related implementations and projects by coordinating with technical and non-technical teams to ensure success
• Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
• Effectively communicate security needs and business requirements to stakeholders
• Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
• Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
• Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
• Promote security education and awareness across Flatiron

Who You Are
You're someone who takes pride in managing security risks within a dynamic enterprise; you're passionate about identifying issues and working with the appropriate stakeholders to solve them. You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You're a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact.

• 6+ years relevant experience working in Security Risk Management, Security Metrics & Reporting, Third party risk assessment, SOC2/ISO/NIST 800-53 audit oversight, and Interpretation & Maintenance of Security Policies / Standards
• Experience with reporting on key risk indicators and metrics to stakeholders
• Experience working with security frameworks (HIPAA, PCI, NIST, ISO etc)
• Proven ability to manage risk and projects in a face paced environment
• Ability to communicate risk effectively to stakeholders within the organization.
• Superior organizational skills and attention to detail
• Excellent interpersonal, writing and communication skills
• Ability to constantly prioritize and change or adapt to ambiguous situations
• Passionate about healthcare and the fight against cancer

Extra Credit

• You have HIPAA experience

Where you'll work
In this hybrid role, you'll have a defined work location that includes work from home and 3 office days set by you and your team. For more information on our approach to hybrid work, please visit the how we work website.
Preferred Primary Location: Raleigh-Durham Office
The annual pay range reflected above for this position is based on the preferred primary location of the role which is listed in the job description. Salary ranges for other locations vary from the range reflected above. Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual bonus and equity may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.