TherapyNotes, LLCRemote
Lead GRC Analyst
United States
Full Time
1 hour ago
$125,000 - $165,000 USD
No H1B
Key skills
CloudLeadershipRisk ManagementCommunicationOWASP
About this role
Role Overview
- Architect, implement, and continuously mature the organization’s Governance, Risk, and Compliance (GRC) program
- Lead organization-wide risk identification, analysis, and treatment processes
- Lead end-to-end third-party risk management activities
- Conduct formal risk assessments across infrastructure, application, vendor, and business process domains
- Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
- Monitor evolving regulatory requirements, enforcement trends, and industry best practices
- Provide guidance and training to employees on GRC policies, procedures, and best practices
- Oversee the execution of audits, assessments, and compliance activities
- Ensure documentation artifacts support evidentiary requirements for regulatory examinations and certification audits
- Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
- Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
- Mentor and coach GRC analysts, fostering their professional development and growth within the organization
- Drive continual improvement of the organization’s information security program
- Identify and document cyber risks and manage mitigation
- Assist with ad-hoc compliance reporting
- Provide support to Information Security Incident Response team
- Review architectural designs and new technology initiatives
Requirements
- BS degree in Information Security, Risk Management, Business Administration, or related field
- 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) strongly preferred
- Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST).
- Expert in designing, implementing, and maintaining security solutions
- Understanding of modern approaches to GRC such as Policy-as-Code and Compliance-as-Code
- Experience developing and implementing GRC frameworks, policies, and procedures
- Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
- Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
- Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
- Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
- Proficiency with security standards and secure configuration baselines such as CIS or OWASP
- Proficiency with cloud-based solutions and web related technologies.
Tech Stack
- Cloud
Benefits
- Employer sponsored health, dental, vision, life, and disability insurance
- Retirement plan with company contribution
- Annual company profit sharing
- Personal development/training budget
- Open, collaborative work environment
- Extensive 2-week onboarding plan
- Comprehensive mentorship program