TherapyNotes, LLC

Senior GRC Analyst

full-time

Origin: 🇺🇸 United States

Salary

💰 $95,000 - $135,000 per year

Job Level

Senior

Tech Stack

Cloud, Cyber Security

About the role

  • TherapyNotes is the go-to superhero for behavioral health Practice Management and EHR software; SaaS solution handles scheduling, billing, documenting, telehealth, and more
  • Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices
  • Lead the assessment and management of risks across the organization, including conducting risk assessments, identifying gaps, and developing mitigation plans
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
  • Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
  • Provide guidance and training to employees on GRC policies, procedures, and best practices
  • Support the execution of audits, assessments, and compliance activities and serve as liaison for external audits
  • Mentor and coach GRC analysts
  • Support execution and continual improvement of the information security program, emphasizing HIPAA-HITECH, state, and GDPR compliance
  • Identify and document cyber risks, manage mitigation, and report issues to leadership
  • Assist with ad-hoc compliance reporting and follow up with customers and support partners to address vulnerabilities
  • Provide support to Information Security Incident Response team during cyber/privacy incidents
  • Validate that information security requirements are built into architectures and new technology projects
  • Ensure application and codebase protect confidentiality, integrity, and availability of customer data
  • Evaluate the technical security posture of proposed third-party solutions and improve third-party risk management

Requirements

  • BS degree in Information Security, Risk Management, Business Administration, or related field
  • 8+ years of experience in GRC, risk management, or related fields
  • Experience supporting and/or leading audit discussions
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) strongly preferred
  • Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
  • Expert in designing, implementing, and maintaining security solutions
  • Experience developing and implementing GRC frameworks, policies, and procedures
  • Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
  • Exceptional communication and interpersonal skills
  • Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
  • Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
  • Expert in OWASP, CIS and/or other security standards and secure configuration baselines
  • Proficiency with cloud-based solutions and web related technologies