Description

You will own key deliverables for security and compliance programs in a growing healthcare organization, including core GRC operations, customer assurance, vendor risk management, and AI governance. This role offers hands-on GRC work and growth as a senior individual contributor.

Requirements

• 3-5 years of experience in information security, GRC, or related disciplines
• Familiarity with SOC 2, ISO 27001, NIST, HIPAA
• Experience responding to security questionnaires and customer due diligence
• Experience performing vendor security reviews and risk assessments
• Strong organizational skills and ability to manage multiple deadlines

Responsibilities

• Coordinate and execute recurring GRC tasks (access reviews, audit evidence collection, risk register reconciliation)
• Assist with internal and external audits, ensuring timely evidence collection
• Lead responses for customer security questionnaires and RFPs
• Conduct initial and periodic vendor risk assessments, track remediation plans
• Support AI risk and governance controls in alignment with ISO/IEC 42001