Investing in the Future of Healthcare and FinTech

Investing in the Future of Healthcare and FinTech

Companies you'll love to work for

GRC Analyst



Posted on Wednesday, August 30, 2023

Join the frontlines of today's healthcare transformation

We're looking for a GRC Analyst to help us transform the way primary care is delivered and how patients are served.

Why VillageMD?

VillageMD is changing the trajectory of healthcare. We’re empowering primary care physicians to make informed decisions, and engaging patients in meaningful ways. We work with thousands of clinicians and healthcare disruptors across the country, improving patient health while driving down the cost to deliver it.

We are a mission-oriented organization, and we are thrilled about the work that we accomplish every day. We’re transparent. Collaborative. Relentless in pursuit of our mission. With a confidence to lead but the humility to never stop learning. We believe that diverse backgrounds and experiences create the best opportunity for innovation. And we know that the community we are growing is greater than any one individual.

We’ve built our technology using the best of cloud and open-source technologies to create an open, data-first platform that is enriched with analytical models and connected to the most modern internal and external apps. These apps drive clinical decision support, patient engagement and other facilitators of innovative, information-enriched health experiences.

Could this be you?

See for yourself how the GRC Analyst helps reshape successful healthcare with VillageMD:

We are seeking a security analyst who can perform the fundamental tasks assigned as a GRC Analyst and fulfill the daily operations of Security Risk Management and Awareness Programs.

How you can make a difference

During your first year, you can expect the following professional challenges:

  • Assist the Vendor Risk Lead with vendor review activities.
    • Conduct thorough assessments of third-party vendors to evaluate their security posture and ensure compliance with company policies and relevant regulations (e.g. HIPAA, SOC2, SOX, HITRUST)
    • Collaborate with various business unites to identify, assess, and track remediation of potential risks associated with third-party vendor engagements
    • Maintain a comprehensive third party vendor risk register, tracking risk scores, security performance, remediation efforts, and annual review results
  • Assist the Security Awareness Lead to advance the VillageMD Security Awareness program
    • Design and implement security awareness program components to educate employees about information security best practices, policies, and procedures.
    • Develop engaging training materials, phishing simulation campaigns, and newsletter communications, to promote a security-conscious culture throughout the organization
    • Monitor the effectiveness of security awareness initiatives and continuously improve the program to address emerging threats
  • Assist the Security Risk Management Lead to track and address identified risks
    • Identify, assess and prioritize information security risks in collaboration with cross-functional teams, ensuring alignment to security controls and organizational risk tolerance
    • Provide actionable recommendations to the business for risk mitigation and risk acceptance decisions, while assisting VillageMD technology and business leaders with remediation efforts
    • Perform risk assessment activities and conduct risk assessment across different business units and systems
  • Work with VillageMD security and technology delivery teams to maintain an effective suite of technology policies and controls
    • Assist in the review and maintenance of information security policies, standards, and guidelines in line with industry best practices and regulatory requirements.
    • Ensure compliance with established policies by monitoring adherence, identifying policy exceptions, tracking risk decisions and working with stakeholders to implement corrective actions promptly.

Skills for success

As a successful GRC Analyst you possess:

  • Strong organizational and process documentation skills
  • The ability to create and refine processes that are adaptable but wildly scalable
  • Think clearly, communicate concisely, and collaborate always.
  • Thrive in a fast-paced environment, with, at times, minimal guidance, and absorb information quickly to create a plan to execute against.
  • A low ego; an ability to gain trust by doing what you say you will do
  • The ability to adapt to changing priorities and business/IT demands.

Experience to drive change

  • Proven experience in Information Security, Governance, Risk and Compliance (GRC) operations, preferably within a healthcare environment.
  • 3+ years in Information Security, with focus on achieving compliance with industry accepted frameworks and regulatory policy including, but not limited to NIST 800-53, HITRUST, HIPAA etc.
  • History of optimization of process and projects across functional areas
  • Track record of successfully executing projects in collaboration with both technical and non-technical stakeholders.
  • CISSP, CISM, CISA or comparable security certification or working towards preferred.
  • Graduate Degree (MBA, MIS, etc.) or working towards preferred, but not necessary.

How you will thrive:

In addition to competitive salaries, a 401k program with company match, bonus and a valuable health benefits package, VillageMD offers paid parental leave, pre-tax savings on commuter expenses, and generous paid time off. You work in a highly-collaborative, conscientious, forward-thinking environment that welcomes your experience and enables you to make a significant impact from Day 1.

Most importantly, you make a difference. You see a clear connection between your daily work on VillageMD products and services and the advancement of innovative solutions and improved quality of healthcare for providers and patients.

Our unique VillageMD culture – how inclusion and diversity make the difference:

At VillageMD, we see diversity and inclusion as a source of strength in transforming healthcare. We believe building trust and innovation are best achieved through diverse perspectives. To us, acceptance and respect are rooted in an understanding that people do not experience things in the same way, including our healthcare system. Individuals seeking employment at VillageMD are considered without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Those seeking employment at VillageMD are considered without regard to race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status or disability status.

Explore your future with VillageMD today.