Senior Information Security GRC Analyst (Medtech)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior Information Security GRC Analyst (Medtech): Leading enterprise governance, risk, and compliance initiatives within a regulated healthcare environment with an accent on audit readiness, third-party risk management, and policy governance. Focus on aligning security frameworks like HITRUST, ISO 27001, and SOC 2 with medical device regulatory requirements and strengthening the overall security posture.
Location: Must be based in Irvine, CA, United States
Compensation: $130,000–$170,000
Company
is a global medical technology company that develops and produces a wide array of industry-leading monitoring technologies and healthcare solutions.
What you will do
- Lead coordination of external security audits and certifications including HITRUST, ISO 27001, and SOC 2.
- Conduct third-party and supply chain cybersecurity risk assessments and due diligence.
- Manage security exceptions, risk acceptance requests, and track remediation activities.
- Develop and maintain information security policies, standards, and compliance documentation.
- Collaborate with cross-functional teams to respond to customer security assessments and compliance inquiries.
- Develop governance reporting metrics and dashboards to monitor compliance maturity.
Requirements
- 7+ years of experience in information security GRC, IT audit, or cybersecurity risk management.
- Proven experience leading security audits for frameworks like HITRUST, ISO 27001, or SOC 2.
- Strong understanding of risk management concepts and security control frameworks.
- Ability to communicate technical security concepts to both technical and non-technical stakeholders.
- Bachelor’s degree in Information Security, Cybersecurity, or related field.
- Must be authorized to work in the United States.
Nice to have
- Experience in healthcare, medical device, or biotechnology industries.
- Familiarity with HIPAA, FDA regulations, NIST CSF, or PCI DSS.
- Industry certifications such as CISSP, CISA, CRISC, or CISM.
- Experience using GRC platforms for audit and risk reporting.
Culture & Benefits
- Comprehensive health benefits including Medical, Dental, and Vision insurance.
- Retirement savings plan with 401(k).
- Paid time off including vacation, sick leave, and holidays.
- On-site wellness clinic, fitness center, and café.
- Supportive environment committed to diversity and professional growth.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →