POSITION SUMMARY:
The Senior Cybersecurity Analyst (Governance, Risk, and Compliance) plays an important role in building and maturing Boston Medical Center Health System’s GRC program. This role will be key to developing and improving human-driven processes before enterprise tooling is in place, and will make that work visible, auditable, and ready to scale.
Position: Senior Cybersecurity Analyst
Department: Information Security
Schedule: Full Time
ESSENTIAL RESPONSIBILITIES / DUTIES:
Lead execution of GRC program initiatives, contributing design input on processes, workflows, and work products as the program matures toward enterprise tooling adoption.
Maintain and operationalize risk registers, control frameworks, and maturity assessments aligned to NIST CSF 2.0, HIPAA/HITECH, and applicable federal and state security and privacy regulations.
Drive compliance monitoring activities and recommend updates to security policies, standards, and procedures that balance regulatory rigor with operational practicality.
Coordinate the third-party risk management process, including vendor risk assessments and ongoing vendor risk workflows.
Apply risk scoring methodologies to support framework maturity tracking and quantified risk metrics, incorporating business continuity and disaster recovery considerations.
Manage structured GRC work products in spreadsheet and document-based environments (e.g., Excel, SharePoint), keeping them accurate, accessible, and audit-ready on an ongoing basis.
Translate technical findings into clear, actionable written and verbal reporting for executive and non-technical audiences.
Partner with stakeholders across IT and non-IT business functions to advance new standards and workflows, influencing adoption without direct authority.
Prioritize multiple concurrent workstreams to deliver accurate results on schedule in a fast-paced, evolving environment.
(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required)
JOB REQUIREMENTS
REQUIRED EDUCATION AND EXPERIENCE:
Bachelor's degree in Cybersecurity, Computer Science, Information Management, or a related field preferred
A minimum of six years of experience in information security or related discipline, with a strong focus on governance, risk, and compliance programs in complex or regulated environments.
Or equivalent combination of education and experience.
PREFERRED EDUCATION AND EXPERIENCE:
Demonstrated experience building or significantly maturing a GRC function, including the design of processes and workflows prior to enterprise tooling adoption.
CERTIFICATIONS, LICENSES, REGISTRATIONS PREFERRED:
Professional certifications such as CISA, CRISC, CISSP, or equivalent are highly desirable.
KNOWLEDGE, SKILLS & ABILITIES (KSAs):
Demonstrated experience in data mining, analysis and report development required.
Strong knowledge of information systems security concepts and current information security/privacy trends and practices.
Knowledge of Federal and State security and privacy-related regulatory requirements.
Excellent written and oral communication skills, interpersonal skills, and effective leadership skills to support privacy programs.
Must be able to prepare formal reports and presentations as needed.
Must be detailed oriented and possess the ability to prioritize tasks so work is completed in an accurate, timely manner.
Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls; and security risk analysis and management.
Self-starter with the ability to work independently, prioritize, multi-task, and maintain flexibility in fast-paced, changing environment.
Ability to confront conflict and difficult issues in a professional, assertive, and proactive manner.
Ability to build strong working relationships at all levels, internal and/or external to the organization.
Knowledge about medical records and other medical information, patient privacy and confidentiality, and release of information. Academic medical center and/or health care consulting experience preferred.
Compensation Range:
$89,500.00- $130,000.00This range offers an estimate based on the minimum job qualifications. However, our approach to determining base pay is comprehensive, and a broad range of factors is considered when making an offer. This includes education, experience, skills, and certifications/licensures as they directly relate to position requirements; as well as business/organizational needs, internal equity, and market-competitiveness. In addition, BMCHS offers generous total compensation that includes, but is not limited to, benefits (medical, dental, vision, pharmacy), discretionary annual bonuses and merit increases, Flexible Spending Accounts, 403(b) savings matches, paid time off, career advancement opportunities, and resources to support employee and family well-being.
NOTE: This range is based on Boston-area data, and is subject to modification based on geographic location.
Equal Opportunity Employer/Disabled/Veterans
According to the FTC, there has been a rise in employment offer scams. Our current job openings are listed on our website and applications are received only through our website. We do not ask or require downloads of any applications, or “apps” job offers are not extended over text messages or social media platforms. We do not ask individuals to purchase equipment for or prior to employment.
Skills Required
- Minimum six years experience in information security or related discipline with strong focus on governance, risk, and compliance programs
- Demonstrated experience in building or maturing a GRC function and designing processes/workflows prior to tooling adoption
- Experience maintaining and operationalizing risk registers, control frameworks, and maturity assessments
- Knowledge and application of NIST CSF 2.0 and HIPAA/HITECH regulatory requirements
- Experience coordinating third-party risk management and vendor risk assessments
- Experience applying risk scoring methodologies and producing quantified risk metrics
- Experience managing structured GRC work products in spreadsheet and document-based environments (e.g., Excel, SharePoint)
- Demonstrated experience in data mining, analysis, and report development
- Strong knowledge of information systems security concepts, privacy trends, and security controls
- Ability to translate technical findings into clear written and verbal reports for executive and non-technical audiences
- Knowledge about medical records, patient privacy and confidentiality, and release of information
- Professional certifications such as CISA, CRISC, CISSP or equivalent
- Academic medical center and/or health care consulting experience
Boston Medical Center (BMC) Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Boston Medical Center (BMC) and has not been reviewed or approved by Boston Medical Center (BMC).
-
Pay Growth & Progression — Recent union agreements delivered significant raises for nurses and many non‑RN groups, lifting pay levels in those cohorts. Feedback suggests these structured increases improved satisfaction for roles covered by the contracts.
-
Affordable Benefits — An option for a no‑premium medical plan, strong pharmacy discounts, and low‑cost same‑day care position healthcare as cost‑effective. Additional programs like diabetes support and coaching further reduce out‑of‑pocket burden.
-
Leave & Time Off Breadth — Full‑time staff receive a large PTO bank that grows over time and extended parental leave for birth or adoption. Colleagues also have access to emergency child and elder care supports and childcare discounts.
Boston Medical Center (BMC) Insights
What We Do
Boston Medical Center, located in Boston’s historic South End, is a private, not-for-profit, 567-bed, academic medical center and the primary teaching affiliate for Boston University School of Medicine. Recognized for its high-quality, nationally ranked and comprehensive medical care for the entire family, patients have access to the most current treatment and advancements at BMC. BMC physicians lead the way in pioneering new therapies that impact the care of patients locally and worldwide. In 2013, BMC made the decision to invest in a four-year campus redesign that includes additions to buildings, upgrades to existing structures, and an expansion of the Emergency Department. Once completed, the redesign will provide clinical workspaces with state-of-the-art facilities and equipment to solve BMC's most pressing care delivery needs. Already complete, the hospital’s Shapiro Center is Boston’s newest outpatient care facility and features a quarter-million square feet of clinic space, key support services, one of the region’s most technologically advanced pharmacies, and a bright, spacious café. Housed in a facility that provides world-class, patient-centered care at every visit, BMC doctors are among the best in their field. Many are recognized annually as “Top Doctors” in their medical and surgical specialties by publications such as U.S. News & World Report and Boston magazine. Boston Medical Center is also the largest safety net hospital in New England and extends into the community as a founding partner of Boston HealthNet, a network of 15 community health centers throughout Boston serving more than a quarter million people annually. No matter whom you meet at BMC, all are committed to providing every patient and family member with the highest quality of care, respect, warmth and compassion.





