Reimagine the infrastructure of cancer care within a community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
We're looking for a Security GRC Senior Analyst to help us accomplish our mission to improve and extend lives by learning from the experience of every person with cancer. Are you ready to be the next changemaker in cancer care?
What You'll Do
As a member of the Governance, Risk and Compliance (GRC) team, you will develop solutions and processes that further the goals of the organization while ensuring the protection of our patients' information. In addition, you'll also:
- Provide oversight to the Security Risk Management function and help create / drive it's strategic roadmap
- Create and deliver security metrics and risk indicators to our external stakeholders to help inform the business areas of their risk posture and enable the business to make informed risk decisions
- Assist in maturing the security risk management strategy throughout the enterprise.
- Maintain processes and playbooks related to security metrics reporting
- Provide oversight for Security's Plan of Action (POAM) and Exception process.
- Perform risk based analysis on proposed projects, vendors, and issue resolution implementations
- Lead Security related implementations and projects by coordinating with technical and non-technical teams to ensure success
- Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
- Effectively communicate security needs and business requirements to stakeholders
- Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
- Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
- Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
- Promote security education and awareness across Flatiron
Who You Are
You're someone who takes pride in managing security risks within a dynamic enterprise; you're passionate about identifying issues and working with the appropriate stakeholders to solve them. You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You're a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact.
- 6+ years relevant experience working in Security Risk Management, Security Metrics & Reporting, Third party risk assessment, SOC2/ISO/NIST 800-53 audit oversight, and Interpretation & Maintenance of Security Policies / Standards
- Experience with reporting on key risk indicators and metrics to stakeholders
- Experience working with security frameworks (HIPAA, PCI, NIST, ISO etc)
- Proven ability to manage risk and projects in a face paced environment
- Ability to communicate risk effectively to stakeholders within the organization.
- Superior organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to constantly prioritize and change or adapt to ambiguous situations
- Passionate about healthcare and the fight against cancer
Extra Credit
- You have HIPAA experience
Where you'll work
In this hybrid role, you'll have a defined work location that includes work from home and 3 office days set by you and your team. For more information on our approach to hybrid work, please visit the how we work website.
Preferred Primary Location: Raleigh-Durham Office
The annual pay range reflected above for this position is based on the preferred primary location of the role which is listed in the job description. Salary ranges for other locations vary from the range reflected above. Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual bonus and equity may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.
Top Skills
What We Do
Flatiron Health is a healthtech company dedicated to helping cancer centers thrive and deliver better care for patients today and tomorrow. Through clinical and data science, we translate patient experiences into real-world evidence to improve treatment, inform policy, and advance research. Cancer is smart. Together, we can be smarter. Flatiron Health is an independent affiliate of the Roche Group.
Why Work With Us
Reimagine the infrastructure of cancer care within a technology and science community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
Gallery
Flatiron Health Teams
Flatiron Health Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
At Flatiron, attracting and inspiring a diverse team is essential to our success. Our hybrid work approach, built on flexibility and clarity, allows you to choose your office days while optimizing productivity and well-being.