Senior Security Governance Risk & Compliance (GRC) Analyst
Senior Security Governance Risk & Compliance (GRC) Analyst
Alma is seeking a mission-driven Senior Security Governance Risk and Compliance (GRC) Analyst to join our team. We are dedicated to building secure and compliant tools and services that help providers more easily manage and grow their practice.
Acting as a principal aide to the VP of Security and IT, this role will play a critical role in enabling a culture of security at Alma, making security a product differentiator that builds confidence and trust with our providers, and preparing Alma for annual audits and certifications (such as SOC 2 and HITRUST). In this role you will perform risk assessments, create and maintain our security policies, educate our staff by developing a security awareness program, respond to security assessments, and review our vendor’s security.
What you’ll do:
Perform risk assessments and reports on Alma’s risk management program
Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls
Streamline and maintain Alma’s security policies and standards
Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI)
Educate Alma’s staff by creating and managing an effective security awareness program
Develop our vendor risk program, ensuring our vendors meet Alma security standards
Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers
Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities
Who you are:
You have 5+ years of work experience in Information Security, especially in a GRC analysis role
You have experience working in health tech or other highly regulated industries (banking, insurance, etc)
You have experience leading SOC 2 audits and/or HITRUST certifications with minimal findings
You have experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection automation and continuous compliance
You strongly understand security best practices and controls frameworks (NIST CSF, NIST 800-53, AICPA Trust Services Criteria, HITRUST CSF, PCI DSS, HIPAA Security Rule, and Breach Notification)
You have experience implementing security controls and policies that align with AWS security best practices
You have experience driving security awareness programs, including phishing simulation tools (KnowBe4 or equivalent)
You have experience performing risk assessments, with an understanding of quantitative risk analysis frameworks (FAIR)
You have experience writing customer-facing materials in partnership with with product and marketing teams
You have strong written and verbal communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
You feel a passion for Alma's mission – to improve the experience of therapy for providers and their clients and simplify access to care
Benefits:
We’re a remote-first company
Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
401K plan (ADP)
Monthly therapy and wellness stipends
Monthly co-working space membership stipend
Monthly work-from-home stipend
Financial wellness benefits through Northstar
Pet discount program through United Pet Care
Financial perks and rewards through BenefitHub
EAP access through Aetna
One-time home office stipend to set up your home office
Comprehensive parental leave plans
11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
Flexible PTO
Salary Band: $145,000 - $174,000
Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.
All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.
About the job
Apply for this position
Senior Security Governance Risk & Compliance (GRC) Analyst
Senior Security Governance Risk & Compliance (GRC) Analyst
Alma is seeking a mission-driven Senior Security Governance Risk and Compliance (GRC) Analyst to join our team. We are dedicated to building secure and compliant tools and services that help providers more easily manage and grow their practice.
Acting as a principal aide to the VP of Security and IT, this role will play a critical role in enabling a culture of security at Alma, making security a product differentiator that builds confidence and trust with our providers, and preparing Alma for annual audits and certifications (such as SOC 2 and HITRUST). In this role you will perform risk assessments, create and maintain our security policies, educate our staff by developing a security awareness program, respond to security assessments, and review our vendor’s security.
What you’ll do:
Perform risk assessments and reports on Alma’s risk management program
Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls
Streamline and maintain Alma’s security policies and standards
Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI)
Educate Alma’s staff by creating and managing an effective security awareness program
Develop our vendor risk program, ensuring our vendors meet Alma security standards
Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers
Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities
Who you are:
You have 5+ years of work experience in Information Security, especially in a GRC analysis role
You have experience working in health tech or other highly regulated industries (banking, insurance, etc)
You have experience leading SOC 2 audits and/or HITRUST certifications with minimal findings
You have experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection automation and continuous compliance
You strongly understand security best practices and controls frameworks (NIST CSF, NIST 800-53, AICPA Trust Services Criteria, HITRUST CSF, PCI DSS, HIPAA Security Rule, and Breach Notification)
You have experience implementing security controls and policies that align with AWS security best practices
You have experience driving security awareness programs, including phishing simulation tools (KnowBe4 or equivalent)
You have experience performing risk assessments, with an understanding of quantitative risk analysis frameworks (FAIR)
You have experience writing customer-facing materials in partnership with with product and marketing teams
You have strong written and verbal communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
You feel a passion for Alma's mission – to improve the experience of therapy for providers and their clients and simplify access to care
Benefits:
We’re a remote-first company
Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
401K plan (ADP)
Monthly therapy and wellness stipends
Monthly co-working space membership stipend
Monthly work-from-home stipend
Financial wellness benefits through Northstar
Pet discount program through United Pet Care
Financial perks and rewards through BenefitHub
EAP access through Aetna
One-time home office stipend to set up your home office
Comprehensive parental leave plans
11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
Flexible PTO
Salary Band: $145,000 - $174,000
Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.
All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.