Reimagine the infrastructure of cancer care within a community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
We're looking for a GRC Security Analyst to help us accomplish our mission to improve lives by learning from the experience of every cancer patient. Here's what you need to know about the role, our team and why Flatiron Health is the right next step in your career.
What You'll Do
As a member of the Governance, Risk and Compliance (GRC) team, you will support Flatiron's commitment to regulatory compliance and develop solutions and processes that further the goals of the organization while ensuring the protection of our patients' information. You'll also:
- Support security-related implementations and projects by coordinating with technical and non-technical teams to ensure success
- Facilitate product- and organization-specific audits to maintain compliance with regulatory requirements
- Proactively identify and develop solutions to data security issues by working with multiple teams including Privacy, Legal, HR, Procurement and vendors
- Effectively communicate security needs and business requirements to stakeholders
- Serve as an advisor and internal consultant on identified issues, project plans or any other initiative that may have security implications
- Perform risk-based analysis on proposed projects, vendors, and issue resolution implementations
- Test implemented controls and perform risk assessments based on established frameworks and Flatiron internal policies
- Mature the vendor risk assessment process and evaluate assessments using a risk-based approach
- Respond to client security risk assessment questionnaires by gathering information from across the organization as necessary
- Promote security education and awareness across Flatiron
Who You Are
You're someone who takes pride in managing security risks within a dynamic enterprise; you're passionate about identifying issues and working with the appropriate stakeholders to solve them. You're excited by the prospect of rolling up your sleeves to tackle meaningful problems each and every day. You're a kind, passionate and collaborative problem-solver who seeks and gives candid feedback, and values the chance to make an important impact. You have:
- 3+ years of relevant experience (third-party risk assessment, NIST 800-53 experience, interpretation and maintenance of security policies and standards, risk management)
- 3+ years of audit experience (planning, leading, facilitating security audits)
- Experience working with security frameworks (HIPAA, PCI, NIST, ISO, etc.)
- Proven ability to manage risk and projects in a fast-paced environment
- Ability to communicate risk effectively to stakeholders within the organization
- Superior organizational skills and attention to detail
- Excellent interpersonal, writing and communication skills
- Ability to constantly prioritize and change or adapt to ambiguous situations
- Passionate about healthcare and the fight against cancer
Extra Credit
- You have HIPAA experience
Where you'll work
In this remote position, you have the freedom to choose your preferred work location while aligning your working hours with your team's. For further details on our hybrid work approach and remote work type, please visit the how we work website.
Life at Flatiron
At Flatiron Health, we offer a full range of benefits to support you and your loved ones so you can focus your working hours on improving cancer care and accelerating cancer research, and your non-working hours on everything else life has to offer:
- Work/life autonomy via flexible work hours and flexible paid time off
- Comprehensive compensation package
- 401(k) contribution to help you reach your retirement planning goals
- Financial health resources including 1:1 financial advice
- Mental well-being tools and services
- Parental benefits and policies including family-building care and generous leave
- Path to parenthood programs supporting fertility, adoption and surrogacy
- Travel support for safe healthcare services
In addition to our robust benefit offerings, visit our Life at Flatiron page to learn how we support continuous learning and celebrate Diversity in the workplace.
Preferred Primary Location: Remote - US general
The annual pay range reflected above for this position is based on the preferred primary location of the role which is listed in the job description. Salary ranges for other locations vary from the range reflected above. Base pay offered may vary depending on job-related knowledge, skills, and experience. An annual bonus and equity may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, dependent on the position offered.
What We Do
Flatiron Health is a healthtech company dedicated to helping cancer centers thrive and deliver better care for patients today and tomorrow. Through clinical and data science, we translate patient experiences into real-world evidence to improve treatment, inform policy, and advance research. Cancer is smart. Together, we can be smarter. Flatiron Health is an independent affiliate of the Roche Group.
Why Work With Us
Reimagine the infrastructure of cancer care within a technology and science community that values integrity, inspires growth, and is uniquely positioned to create a more modern, connected oncology ecosystem.
Flatiron Health Offices
Hybrid Workspace
Employees engage in a combination of remote and on-site work.
At Flatiron, attracting and inspiring a diverse team is essential to our success. Our hybrid work approach, built on flexibility and clarity, allows you to choose your office days while optimizing productivity and well-being.