Information Security Analyst (GRC)

Boston Childrens Health Physicians LLP
Valhalla, United States of America
16 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate
Compensation
$ 140K

Job location

Remote
Valhalla, United States of America

Tech stack

Microsoft Windows
Software System Penetration Testing
Computer Security
Information Systems
Information Security Management
Information Technology Audit
Phishing
Information Technology
CIS Benchmarks
ServiceNow

Job description

Boston Children's Health Physicians (BCHP) is seeking an experienced IT Security Analyst - Governance, Risk & Compliance (GRC) to support and mature our enterprise information security program. This position will play a key role in helping BCHP strengthen cybersecurity governance, manage risk, maintain regulatory compliance, oversee security assessments, support third-party risk management, and drive continuous improvement across our security program. The ideal candidate will serve as a bridge between Information Security, Compliance, Operations, and external service providers, helping ensure BCHP maintains a strong security posture while supporting the delivery of quality patient care. This role reports directly to the Senior Director, Information Systems & Information Security (Security Officer).

Budget for position

  • $100,000-$140,000 per year based on qualifications.

Role and Responsibilities

Governance & Compliance

  • Support the development, maintenance, and continuous improvement of BCHP's Information Security Program.
  • Assist with security policy development, review, implementation, and lifecycle management.
  • Monitor compliance with HIPAA, HITECH, NIST Cybersecurity Framework, CIS Controls, and organizational security standards.
  • Track remediation efforts resulting from audits, assessments, and risk analyses.
  • Maintain security governance documentation, evidence repositories, and compliance records.

Risk Management

  • Conduct and document security risk assessments.
  • Assist with enterprise risk identification, analysis, and mitigation planning.
  • Maintain risk registers and remediation tracking activities.
  • Participate in annual Security Risk Assessments (SRA) and third-party assessments.

Vendor & Third-Party Risk Management

  • Perform security reviews of vendors, business associates, and service providers.
  • Review security questionnaires, SOC reports, penetration test summaries, and related documentation.
  • Track vendor remediation activities and ongoing monitoring requirements.
  • Support Business Associate Agreement (BAA) and security review processes.

Audit & Assessment Support

  • Coordinate internal and external security audits.
  • Gather evidence and documentation for regulatory, compliance, and customer audits.
  • Assist with preparation for HIPAA, cybersecurity, and third-party assessments.
  • Monitor corrective action plans through completion.
  • Security Awareness & Training
  • Support enterprise security awareness initiatives.
  • Assist with phishing simulation programs and training campaigns.
  • Track workforce training completion and reporting metrics.

Security Program Reporting

  • Develop security metrics, dashboards, and executive reports.
  • Monitor compliance with security policies and standards.
  • Provide recommendations for program improvements and risk reduction., This position offers significant visibility across the organization and the opportunity to directly influence the future direction of BCHP's security and compliance program.

Requirements

  • Bachelor's degree in information security, Cybersecurity, Information Technology, Business, or related field (or equivalent experience).
  • 3+ years of experience in Information Security, IT Audit, Risk Management, Compliance, or Governance.
  • Knowledge of:
  • HIPAA Security Rule
  • NIST Cybersecurity Framework
  • CIS Controls
  • Security Risk Assessments
  • Vendor Risk Management
  • Security Policies and Procedures
  • Strong documentation, analytical, and organizational skills.
  • Excellent communication and presentation abilities.

Preferred

  • Experience in healthcare, healthcare technology, or regulated environments.
  • Experience supporting security audits and regulatory assessments.
  • Familiarity with:
  • Microsoft 365 Security & Compliance
  • Microsoft Purview
  • Microsoft Defender
  • Sentinel
  • CrowdStrike
  • Proofpoint
  • ServiceNow or similar ticketing platforms

Preferred Certifications

  • Security+
  • GSEC
  • SSCP
  • CISA
  • CRISC
  • CGRC (formerly CAP)
  • CISSP (or pursuing)

Benefits & conditions

  • Competitive salary and comprehensive benefits package
  • Supportive, inclusive, and growth focused company culture
  • Access to continuous professional development
  • Flexible work environment

Apply for this position