Security GRC Analyst
New York, NY

Job Description

Our security team embodies a collaborative, efficient, and flexible working environment. Each role is not limited to the responsibilities outlined; we collaborate and draw on shared team experiences whenever possible in order to strengthen our security posture across the board. Although we are a hyper growth company, we still operate with a small team mindset and work in cross functional capacities. The Security team and the entire organization share a common purpose and goal: employing all measures to protect against threats to our business because we care about our patients and their quality of life.

As a member of the Governance, Risk and Compliance (GRC) team, you will develop solutions and processes that further the goals of the organization while ensuring the protection of our patients' information.

Responsibilities:

* Lead Security related implementations and projects by coordinating with technical and non-technical teams to ensure success
* Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
* Effectively communicate security needs and business requirements to stakeholders
* Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
* Perform risk based analysis on proposed projects, vendors, and issue resolution implementations
* Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
* Mature the vendor risk assessment process and evaluate assessments using a risk based approach
* Develop and maintain relevant risk metrics to promote transparency to peer teams, senior leadership and any other relevant stakeholders
* Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
* Promote security education and awareness across Flatiron

About You:

* 4+ years relevant experience
* Experience working with security frameworks (HIPAA, PCI, NIST, ISO etc)
* Proven ability to manage risk and projects in a face paced environment
* Superior organizational skills and attention to detail
* Excellent interpersonal, writing and communication skills
* Ability to constantly prioritize and change or adapt to ambiguous situations
* Passionate about healthcare and the fight against cancer

Bonus Points:

* HIPAA experience
* Startup experience