Lead GRC Analyst
About TherapyNotes
TherapyNotes is a national leader in behavioral health Practice Management and Electronic Health Records (EHR) software. Our software-as-a-service (SaaS) solution is at the forefront of innovation, seamlessly integrating patient scheduling, billing, documenting, and managing telehealth sessions, enabling clinicians and practice managers to focus on what matters most: quality patient care.
At TherapyNotes, we are a growing team of passionate and talented individuals. Our team thrives on collaboration and innovation, continually pushing the boundaries of what EHR software can do. We pride ourselves on our ability to adapt to the ever-evolving landscape of healthcare and technology, staying at the forefront of industry trends.
We believe in pushing each other to learn and solve complex problems, fostering an environment where your skills and expertise will flourish. Together, we are shaping the future of behavioral health software, making it easier for clinicians to provide the best possible care to their patients.
If you are passionate about technology, mental health, and making a difference, TherapyNotes is the place where you can realize your potential.
Position Description
TherapyNotes is seeking an experienced cybersecurity professional to join our team of technology enthusiasts. The right candidate should have a focus on cybersecurity compliance, security control implementation, risk/vulnerability management, continuous monitoring, and security awareness training. The role will serve as the liaison for external audits, oversee an internal cybersecurity audit program, and lead a team of GRC Analysts. This role requires a strong understanding of regulatory requirements, risk management frameworks, and industry best practices.
Responsibilities
- Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices
- Lead the assessment and management of risks across the organization, including conducting risk assessments, identifying gaps, and developing mitigation plans
- Collaborate with cross-functional teams to integrate GRC principles into business processes and systems
- Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks
- Provide guidance and training to employees on GRC policies, procedures, and best practices
- Oversee the execution of audits, assessments, and compliance activities to validate adherence to compliance standards
- Act as a liaison with external auditors, regulators, and stakeholders on GRC-related matters
- Develop and maintain key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
- Mentor and coach GRC analysts, fostering their professional development and growth within the organization
- Drive the execution and continual improvement of the company's information security program, including meeting HIPAA-HITECH, state, and GDPR compliance requirements
- Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
- Assist with ad-hoc compliance reporting and follow up with customers and/or support partners to ensure all identified vulnerabilities are being addressed
- Provide support to the Information Security Incident Response team during cyber/privacy incidents
- Validate that information security requirements are built into architectures and new technology projects
- Ensure that the running application and developing codebase protect the confidentiality, integrity, and availability of our customers' data
- Evaluate the technical security posture of newly proposed third-party solutions
- BS degree in Information Security, Risk Management, Business Administration, or related field
- 5+ years of experience in GRC, risk management, or related fields, with demonstrated leadership experience
- Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) strongly preferred
- Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST)
- Expert in designing, implementing, and maintaining security solutions
- Experience developing and implementing GRC frameworks, policies, and procedures
- Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
- Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
- Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
- Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
- Expert in OWASP, CIS and/or other security standards and secure configuration baselines
- Proficiency with cloud-based solutions and web related technologies
- Please feel free to submit your application if you feel you would be a good fit for this role, but you don't meet all the required and preferred skills. We will take a look at your resume!
- Competitive salary - $100,000-$140,000
- Employer sponsored health, dental, vision, life, and disability insurance
- Retirement plan with company contribution
- Annual company profit sharing
- Personal development/training budget
- Open, collaborative work environment
- Extensive 2-week onboarding plan
- Comprehensive mentorship program
5/31/2024
- Seniority level: Mid-Senior level
- Employment type: Full-time
- Job function: Information Technology
- Industries: Technology, Information and Internet