Назад
Company hidden
1 день назад

Senior Information Security GRC Analyst (Medtech)

130 000 - 170 000$
Формат работы
onsite
Тип работы
fulltime
Грейд
senior
Английский
c1
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Senior Information Security GRC Analyst (Medtech): Leading enterprise governance, risk, and compliance initiatives within a regulated healthcare environment with an accent on audit readiness, third-party risk management, and policy governance. Focus on aligning security frameworks like HITRUST, ISO 27001, and SOC 2 with medical device regulatory requirements and strengthening the overall security posture.

Location: Must be based in Irvine, CA, United States

Compensation: $130,000–$170,000

Company

hirify.global is a global medical technology company that develops and produces a wide array of industry-leading monitoring technologies and healthcare solutions.

What you will do

  • Lead coordination of external security audits and certifications including HITRUST, ISO 27001, and SOC 2.
  • Conduct third-party and supply chain cybersecurity risk assessments and due diligence.
  • Manage security exceptions, risk acceptance requests, and track remediation activities.
  • Develop and maintain information security policies, standards, and compliance documentation.
  • Collaborate with cross-functional teams to respond to customer security assessments and compliance inquiries.
  • Develop governance reporting metrics and dashboards to monitor compliance maturity.

Requirements

  • 7+ years of experience in information security GRC, IT audit, or cybersecurity risk management.
  • Proven experience leading security audits for frameworks like HITRUST, ISO 27001, or SOC 2.
  • Strong understanding of risk management concepts and security control frameworks.
  • Ability to communicate technical security concepts to both technical and non-technical stakeholders.
  • Bachelor’s degree in Information Security, Cybersecurity, or related field.
  • Must be authorized to work in the United States.

Nice to have

  • Experience in healthcare, medical device, or biotechnology industries.
  • Familiarity with HIPAA, FDA regulations, NIST CSF, or PCI DSS.
  • Industry certifications such as CISSP, CISA, CRISC, or CISM.
  • Experience using GRC platforms for audit and risk reporting.

Culture & Benefits

  • Comprehensive health benefits including Medical, Dental, and Vision insurance.
  • Retirement savings plan with 401(k).
  • Paid time off including vacation, sick leave, and holidays.
  • On-site wellness clinic, fitness center, and café.
  • Supportive environment committed to diversity and professional growth.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →