Senior GRC Associate

About The Position

Requirements

• Bachelor’s degree or equivalent years of IT work experience
• Minimum 4+ years of experience with a concentration in IT Governance, Risk, and Compliance
• Experience achieving and maintaining HITRUST certification
• Experience with SOC Controls
• Excellent communication skills including the ability to communicate technical issues to users with little technical background/expertise
• Focus on Integrity and Reliability
• Self-motivated, proactive and able to manage multiple priorities
• Ability to work with audiences at all levels of the organization
• Mastered knowledge in: Microsoft office suite
• Mastered knowledge in: Technical writing
• Mastered knowledge in: Internal/External auditing

Nice To Haves

• CCSFP
• CRISC
• CISA

Responsibilities

• Lead and coordinate HITRUST certification efforts, including audit readiness, evidence management, and external assessor coordination
• Support SOC 2 Type II compliance, including control testing, audit support, and ongoing control effectiveness monitoring
• Manage Disaster Recovery and Business Continuity programs, including planning, coordination, and execution of testing exercises
• Lead responses to customer security questionnaires (DDQs) and internal compliance requests, partnering cross-functionally to deliver accurate and timely information
• Drive remediation by managing corrective action plans (CAPs) and coordinating cross-functional efforts to closure
• Drive vendor risk management and security due diligence processes
• Maintain security documentation and support ongoing compliance initiatives, including AI governance and data practices in an AI-forward environment

Benefits

• comprehensive benefits package
• retirement benefits
• health and welfare benefits
• paid time off
• parental leave
• life and accident insurance
• other voluntary and well-being benefits