Modernizing Medicine
GRC Analyst
We are united in our mission to make a positive impact on healthcare. Join Us! We Are Modernizing Medicine! We're a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany. ModMed is hiring a driven GRC Analyst (Governance, Risk, and Compliance) Analyst to support the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk assessment and management, and the ability to collaborate across various departments to enhance our security posture. Your Role: Develop and maintain cybersecurity policies, procedures, and standards. Ensure alignment of cybersecurity practices with business objectives and regulatory requirements. Assist in the creation and management of the cybersecurity governance framework. Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks. Develop and implement risk mitigation strategies and controls. Monitor and report on risk management activities and the effectiveness of controls. Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2). Conduct regular audits and assessments to ensure adherence to compliance requirements. Collaborate with internal and external auditors during compliance reviews and audits. Develop and deliver cybersecurity awareness training materials. Promote a culture of cybersecurity awareness across the organization. Monitor and report on the effectiveness of security awareness initiatives. Prepare regular reports on GRC activities and metrics for senior security management. Maintain comprehensive documentation of all GRC activities, policies, and procedures. Ensure proper documentation of risk assessments, audit findings, and compliance activities. Skills & Requirements: Bachelor's degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience. Minimum of 3-5 years of experience in information security GRC, or related fields. Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management. Familiarity with healthcare industry regulations and standards is a plus. Proficiency in PCI and security risk assessments methodologies and tools. Excellent problem-solving skills. Strong communication and interpersonal skills. Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls). Experience with GRC tools and technologies PCIP, ISA CISA Certification.
We are united in our mission to make a positive impact on healthcare. Join Us! We Are Modernizing Medicine! We're a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany. ModMed is hiring a driven GRC Analyst (Governance, Risk, and Compliance) Analyst to support the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk assessment and management, and the ability to collaborate across various departments to enhance our security posture. Your Role: Develop and maintain cybersecurity policies, procedures, and standards. Ensure alignment of cybersecurity practices with business objectives and regulatory requirements. Assist in the creation and management of the cybersecurity governance framework. Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks. Develop and implement risk mitigation strategies and controls. Monitor and report on risk management activities and the effectiveness of controls. Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2). Conduct regular audits and assessments to ensure adherence to compliance requirements. Collaborate with internal and external auditors during compliance reviews and audits. Develop and deliver cybersecurity awareness training materials. Promote a culture of cybersecurity awareness across the organization. Monitor and report on the effectiveness of security awareness initiatives. Prepare regular reports on GRC activities and metrics for senior security management. Maintain comprehensive documentation of all GRC activities, policies, and procedures. Ensure proper documentation of risk assessments, audit findings, and compliance activities. Skills & Requirements: Bachelor's degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience. Minimum of 3-5 years of experience in information security GRC, or related fields. Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management. Familiarity with healthcare industry regulations and standards is a plus. Proficiency in PCI and security risk assessments methodologies and tools. Excellent problem-solving skills. Strong communication and interpersonal skills. Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls). Experience with GRC tools and technologies PCIP, ISA CISA Certification.