Senior Security Engineer I - GRC
Austin, TX
Aledade
Aledade works with independent practices, health centers, and clinics to build and lead Accountable Care Organizations (ACOs) anchored in primary care. Beyond GRC and technical expertise, your efforts will support protecting patients, our employees, and Aledade as a whole. Our technology saves lives and improves the mental and physical health for millions of people. At Aledade, we empower primary care physicians with technology to keep their patients healthy, preventing unnecessary hospitalizations.
Primary Duties:
- Working cross-functionally to measure & report on risk, achieve & maintain compliance, manage assessments/audits, and contribute to security GRC strategy & advisory efforts
- Leveraging data to understand trends, metrics, and opportunities to improve our security posture and then helping execute on those opportunities with stakeholders
- Leading and enhancing risk management efforts, spearheading qualitative risk assessments & quantitative risk analysis, taking responsibility for third party risk management (TPRM), and participating in mitigation strategies in a cross-functional environment to ensure effective resolution and remediation of security risks / issues
- Helping craft and refine security documentation pertinent to our Security Program, such as policies, standards, baselines, and standard operating procedures
Minimum Qualifications:
- BS / BTech (or higher) in Computer Science, Information Technology, Cybersecurity or a related field, or 6 years of security domain experience without a degree
- 4+ years combined experience as a GRC specialist in an enterprise environment (preferably cloud) across multiple disciplines
- 3+ years of relevant work experience in risk reporting, developing & collecting metrics, and working on audits/assessments
- 2+ years of experience in performing third party risk management activities
Preferred KSAs:
- Security specific and/or related certifications (e.g. CISSP, CISA, CRISC, CDPSE, CIPP, GIAC, AWS certifications)
- Knowledge of security frameworks, controls, regulations and industry best practices (e.g. NIST, ISO, SOX ITGC, HIPAA, HICP, CCPA/CPRA)
- Experience in participating in and leading security GRC projects for a dynamic organization with demonstrated project management skills and driving accountability for meeting deliverables within established timelines
- Significant familiarity with metrics (e.g. KRI, KPI, OKR) to measure security team service and program effectiveness & consistency
- Experience implementing, refining and managing the utilization of GRC solutions and related technology tools/software
- Knowledge & experience in risk quantification (e.g. FAIR) and associated reporting
- Solid understanding of enterprise security technology, appliances, and tools
- Experience with health-tech systems, like Electronic Health Records, Clinical data, etc.
- Knowledge of security technology and relevant security risks, controls, and vulnerabilities
- Collaborative work style; ability to develop and maintain effective working relationships both internal and external to the organization
- Experience facilitating meetings with high level, cross-functional teams
- Exceptional verbal, written and interpersonal communication skills
Physical Requirements:
- Sitting for prolonged periods of time. Extensive use of computers and keyboard. Occasional walking and lifting may be required.
What Does This Mean for You?
At Aledade, you will be part of a creative culture that is driven by a passion for tackling complex issues with respect, open-mindedness and a desire to learn. You will collaborate with team members who bring a wide range of experiences, interests, backgrounds, beliefs and achievements to their work - and who are all united by a shared passion for public health and a commitment to the Aledade mission.
In addition to time off to support work-life balance and enjoyment, we offer the following comprehensive benefits package designed for the overall well-being of our team members:
- Flexible work schedules and the ability to work remotely are available for many roles
- Health, dental and vision insurance paid up to 80% for employees, dependents, and domestic partners
- Robust time off plan: 21 days of PTO in your first year
- 2 Paid Volunteer Days & 11 paid holidays
- 12 weeks paid Parental Leave for all new parents
- 6 weeks paid sabbatical after 6 years of service
- Educational Assistant Program & Clinical Employee Reimbursement Program
- 401(K) with up to 4% match
- Stock options
- And much more!
At Aledade, we don’t just accept differences, we celebrate them! We strive to attract, develop, and retain highly qualified individuals representing the diverse communities where we live and work. Aledade is committed to creating a diverse environment and is proud to be an equal opportunity employer. Employment policies and decisions at Aledade are based on merit, qualifications, performance, and business needs. All qualified candidates will receive consideration for employment without regard to age, race, color, national origin, gender (including pregnancy, childbirth or medical conditions related to pregnancy or childbirth), gender identity or expression, religion, physical or mental disability, medical condition, legally protected genetic information, marital status, veteran status, or sexual orientation.
Privacy Policy: By applying for this job, you agree to Aledade's Applicant Privacy Policy available at https://www.aledade.com/privacy-policy-applicants