Security Compliance Analyst #2108
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit www.grail.com.
As a Security Compliance Analyst on the GRAIL Security team, you’ll be focused on the implementation and delivery of compliance initiatives, including but not limited to SOC 2, ISO 27001, PCI and HIPAA programs and projects. Your work will be a key component in helping GRAIL build effective and compliant systems and infrastructure, ensure successful completion of audits, and help secure GRAIL’s assets.
Responsibilities:
- Assist with periodic compliance audits, facilitate risk assessments and conduct related ongoing compliance monitoring activities to ensure that processes and systems remain compliant
- Help support remediation/implementation activities for compliance gaps
- Assist with external security audits, such as ISO 27001, HIPAA, SOC 2, PCI and HITRUST
- Resolve security policy and control issues and drive feedback from internal stakeholders, external auditors and customers
- Serve as an SME to help translate compliance requirements to technical/non-technical implementations
- Serve as a key resource for identifying cross functional stakeholders for compliance projects
- Collaborate with various teams in completing assessments
- Provide help in compiling compliance and risk data points for management and assist in summarizing for strategic guidance
- Review and synthesize compliance requirements and identify gaps in policies and compliance-related documentation
- Draft, review, and propose new/updates to security policies as needed
- Assist in further improving third party risk assessment process
- Assist with other GRC activities as needed
Minimum qualifications:
- Bachelor’s degree in Computer Science, Information Systems, Cybersecurity or a related field
- Three or more years of direct work experience in compliance and security
- Practical knowledge of one or more control frameworks, such as ISO 27001, SOC 2, PCI, etc.
- Excellent organizational and relationship management skills
- Strong interest in IT/Cloud Security
- Strong project management, critical thinking and analytical skills
- Excellent verbal and written communication skills, with the ability to present critical issues to a wide audience at different levels of the organization
- Able to handle ambiguity and collaborate effectively in order to provide clarity when implementing compliance and security solutions
Preferred qualifications:
- 3+ years of professional work experience in compliance programs, risk and audit
- Experience leading external audits
- Experience in the Biotechnology industry
- Familiarity/understanding of AWS security tools
- Proficiency with project management and collaboration tools such as Jira, Confluence and Slack
GRAIL is an Equal Employment Opportunity and Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request an accommodation.
Following extensive monitoring, consideration of business implications, and advice from internal and external experts, GRAIL US has made the decision to require that all U.S. employees be “Fully Vaccinated” with the COVID-19 vaccine and “Up to Date” with any recommended booster. “Fully Vaccinated” is defined as two weeks after both doses of a two-dose vaccine (e.g. Pfizer or Moderna) or two weeks since a single-dose vaccine (e.g. Johnson & Johnson) has been administered; “Up to Date” means having timely received any COVID-19 vaccine booster(s) in accordance with CDC guidelines. Absent a qualifying exemption, all GRAIL US employees are to comply with this requirement, including providing documentation of such vaccination status, as a condition of employment. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation for consideration by GRAIL.