Lead Security Analyst - GRC

Job Location

San Francisco, CA - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

At Collective Health, we're transforming how employers and their people engage with their health benefits by seamlessly integrating cutting-edge technology, compassionate service, and world-class user experience design.

You'll lead initiatives that address the company's, and some of our industry's, most sophisticated and meaningful security engineering challenges. You will build relationships across all parts of the business and drive multi-functional initiatives to continuously improve our security and privacy posture. You will be responsible for building and implementing controls that can scale and optimize as we move into a context-aware security environment.

What you'll do:

Governance & Compliance:

  • Evaluate and implement security controls based on frameworks such as NIST, CIS, HIPAA, SOC 2, and HITRUST.
  • Develop and maintain policies, procedures, and documentation (controls narratives, matrices).
  • Lead SOC 2 and HITRUST audit engagements from audit planning through remediation.
  • Coordinate and monitor third-party risk assessments and compliance reviews.
  • Own and lead BCP (Business Continuity Planning) and BIA (Business Impact Assessments) efforts.
  • Build and maintain a security risk registry.

Audit & Risk Management:

  • Perform audit readiness assessments and support internal/external audits.
  • Partner with external auditors, control owners, and leadership to minimize business disruption.
  • Track and drive remediation plans based on audit findings and compliance gaps.
  • Maintain and communicate exception documentation for policy deviations.
  • Educate and guide control/risk owners on their responsibilities.

Advisory & Communication:

  • Act as a liaison between technical and non-technical stakeholders.
  • Respond to security questionnaires, RFIs, and client compliance inquiries.
  • Develop and deliver security awareness and training programs.
  • Provide executive reporting on program status, risks, and overall health.

To be successful in this role, you'll need:

Required:

  • 8 years in cybersecurity, GRC, audit, or risk/compliance roles.
  • Experience managing SOC 2 / HITRUST audits, especially in cloud-native environments.
  • Strong working knowledge of security frameworks and regulatory requirements.
  • Demonstrated policy, data management, and risk mitigation capabilities.
  • Familiarity with GRC tools and audit processes.
  • Excellent communication and cross-functional collaboration skills.

Preferred (Nice to Haves):

  • Big 4 accounting firm background.
  • Professional certifications: CISSP, CISA, CRISC, CISM, or similar.

Pay Transparency Statement

This is a hybrid position based out of one of our offices: San Francisco, CA; Plano, TX; or Lehi, UT. Hybrid employees are expected to be in the office two days per week.

The actual pay rate offered within the range will depend on factors including geographic location, qualifications, experience, and internal equity. In addition to the salary, you will be eligible for stock options and benefits like health insurance, 401k, and paid time off. Learn more about our benefits at

San Francisco, CA Pay Range
$168,000 - $210,000 USD

Lehi, UT Pay Range
$134,500 - $168,000 USD

Plano, TX Pay Range
$147,800 - $185,500 USD

Why Join Us

  • Mission-driven culture that values innovation, collaboration, and a commitment to excellence in healthcare
  • Impactful projects that shape the future of our organization
  • Opportunities for professional development through internal mobility opportunities, mentorship programs, and courses tailored to your interests
  • Flexible work arrangements and a supportive work-life balance

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Collective Health is committed to providing support to candidates who require reasonable accommodation during the interview process. If you need assistance, please contact .

Privacy Notice

For more information about why we need your data and how we use it, please see our privacy policy:

Experience:

IC

Employment Type

Full Time
