
Security GRC Analyst/Auditor

SimonMed
Scottsdale, AZ Full Time
POSTED ON 1/1/2025 CLOSED ON 1/22/2025

What are the responsibilities and job description for the Security GRC Analyst/Auditor position at SimonMed?

Position Title: Security GRC Analyst/Auditor

Join the fastest-growing outpatient radiology practice in the nation: SimonMed Imaging! Our commitment to excellence and improving patient care, paired with best-in-class technology, allows us to be an industry leader in the constantly evolving healthcare environment. Secure your spot now and take advantage of a unique career opportunity to advance your skills while working alongside a dedicated team of board-certified subspecialty radiologists. We can’t wait to meet you!

Summary 

We are seeking an experienced individual contributor to join our collaborative and balanced team as a Security GRC Analyst/Auditor. This role focuses on conducting thorough risk assessments, supporting governance, risk, and compliance (GRC) initiatives, and contributing to SimonMed Imaging's overall security posture in a healthcare setting. The ideal candidate will have substantial hands-on experience in information security, risk management, and GRC, particularly within the healthcare industry, and a deep understanding of healthcare regulations like HIPAA. 

Key Responsibilities 

  • Conduct detailed risk assessments, including analyzing documentation, interviewing stakeholders, and reviewing materials to evaluate threats, vulnerabilities, likelihood, impact, and controls. 
  • Manage and track vulnerability findings and mitigation efforts, ensuring risks are addressed and documented appropriately. 
  • Oversee third-party risk management activities, including tracking assessments, reviewing vendor documentation, and ensuring compliance with healthcare-specific standards. 
  • Maintain and contribute to the organization's risk register, including tracking, scoring, and updating risk statements for internal and external stakeholders. 
  • Track security awareness training completions and follow up to ensure compliance with timelines and training goals. 
  • Perform follow-up activities on exceptions, risk acceptance, corrective action plans, and mitigation efforts, including those related to third-party vendors. 
  • Collaborate with project teams to ensure security requirements are met, identify risks, and recommend mitigation strategies, with an emphasis on compliance with healthcare-specific regulations. 
  • Develop and maintain procedural documentation to support compliance with standards such as HIPAA, PCI-DSS, SOC 2, ISO 27001, and NIST CSF. 
  • Communicate risk methodologies and strategies to leadership and stakeholders, including risk acceptance, transference, and mitigation efforts. 
  • Stay informed on security technologies such as firewalls, intrusion prevention systems (IPS), intrusion detection systems (IDS), endpoint protection, data loss prevention (DLP), and security information and event management (SIEM) solutions. 
  • Support compliance activities and audits, with a focus on HIPAA and other healthcare-related regulatory requirements. 

 

Minimum Qualifications 

  • 3-5 years of direct experience in information security, IT risk management, or GRC functions. This experience must be specifically in the information security and risk management fields, not in entry-level roles (e.g., help desk or internships). 
  • Strong knowledge of HIPAA regulations and their application in healthcare organizations. 
  • Proven track record of creating and maintaining procedural documentation to support compliance with standards such as HIPAA, PCI-DSS, SOC 2, ISO 27001, and NIST CSF.
  • Proven ability to conduct risk assessments and track security vulnerabilities. 
  • Strong verbal and written communication skills, with the ability to present complex security and risk concepts to both technical and non-technical audiences. 

 

Preferred (Not Required) Certifications 

Professional certifications such as CISSP, CISA, GSEC, or similar. 

 

Key Attributes 

  • Strong analytical skills and attention to detail. 
  • Ability to prioritize and manage multiple tasks effectively. 
  • A collaborative mindset and the ability to work across teams. 
  • Self-sufficient and confident in your area of expertise while respecting the skills and contributions of others. 

 

Additional Information 

This is an individual contributor role and does not include managerial or supervisory responsibilities. The position operates within a collaborative, balanced team environment where individual expertise is valued, contributions are respected, and everyone works together to achieve shared goals. Experience in the healthcare industry and familiarity with HIPAA compliance are essential to success in this role. 

 

PHYSICAL DEMANDS:  This position may require duties including lifting and carrying up to 40 pounds, sitting for prolonged periods of time, with frequent standing and walking.

DRESS ATTIRE:  Business Casual

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law. Employment is contingent upon successful completion of drug and background screening. Some positions will require a favorable driving record.

This job has expired.