We’re hiring an experienced Governance, Risk, & Compliance Analyst!
Are you an experienced Governance, Risk, and Compliance Analyst with at least two years of successful compliance experience? Are you looking for an exciting new opportunity in a fast-growing company? We might have the perfect role for you!
As a GRC Analyst at ZOOM+Care, you will be responsible for leading the day-to-day cybersecurity compliance, data governance, and security risk management functions. You will define, create, and manage cybersecurity policies and standards in support of legal and regulatory compliance needs, as well as perform general IT and organizational information security practices.
A little about ZOOM+Care®
We care for over 200,000 people per year at our 42+ neighborhood clinics in Portland and Seattle. Our services include urgent care, primary care, specialty care, mental health, telemedicine and more. ZOOM+Care was built on our Promise of "Twice 1/2 Ten" - twice the health, half the cost, ten times the delight. ZOOM+Care has been recognized for innovative care delivery and admired for its willingness to challenge the status quo.
- Collaborate to define IT security standards and develop supporting organizational policies
- Assist in the ongoing maturation of the cybersecurity risk and compliance program
- Perform security and compliance assessments on new and existing systems, processes, and technology
- Assist with validating prospective issues with stakeholders, providing technical and procedural guidance regarding remediation of these issues, and tracking progress of remediation activities until closed
- Assist in the facilitation of IT risk analyses and the creation of risk management processes
- Assist in the investigation and analysis of technology audit recommendations
- Monitor and report on audit remediation efforts
- Support the vendor due-diligence process and help to lead and define overall third-party risk management efforts
- Work with various business units to ensure controls are adequate, appropriate, and effective
- Support internal and external audit processes for relevant compliance concerns including SOC 2 and HIPAA controls
- Perform business impact analysis and assist with development of the IT/Cybersecurity risk register
- Interface with IT and business partners to provide guidance and support
- Perform periodic gap assessments to validate compliance on an ongoing basis
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends
- ISACA or (ISC)2 Certification a plus.
- Significant experience with legal and regulatory compliance standards such as SOC 2, HIPAA, etc.
- Industry certifications in cybersecurity, such as but not limited to CISSP/CISM, are a plus
- Experience with IT governance, risk, and compliance management.
- Excellent written and oral communication skills.
- Strong work ethic with attention to detail.
- Ability to excel in a fast-paced and rapidly changing environment.
- Exciting compensation and benefits package including Health & Wellness Benefits, 401K with employer match, Paid Time Off & Parental Leave, and additional benefits and rewards.