GRC Security Specialist (Remote)
Bay Area, CA
Curai Health
Stay healthy from home. Affordable primary care designed around you. Get healthier with a doctor who works with you every step of the way. Our company is remote-first and we consider candidates across the United States.
Privacy & Security at Curai
Patients entrust us with their sensitive information; therefore, we consider their privacy and security a top-level concern in everything we do. To keep the company continually focused on these service and operational goals, we are now looking for a Governance, Risk, and Compliance Security Specialist reporting to our Head of Privacy and Security.
As a GRC Security Specialist, you will streamline and maintain Curai's security and privacy policies, monitor and maintain HIPAA compliance, advance our SOC 2 Type 1 report to a SOC 2 Type 2 report (SOC 2 is an auditor's attestation report rather than a certification, so the Type 2 report is what clients and auditors will ask for), develop and maintain our vendor risk and client assurance programs, and establish our overall risk management program.
Who You Are: None of these individually is a hard requirement, but together they describe the type of person we think would be most effective and happy at Curai. You…
- Have worked remotely before, or have a strong feeling that you'd work well with a 100% remote team, spread across multiple time zones
- Love tackling complex problems that span multiple systems
- Are excited to try things out to validate new features, and move on if they no longer solve a problem
- Value breadth of knowledge as much as specialization
- Have informed opinions that you hold lightly
- Are excited about getting on the speeding train that is an early-stage startup
- Enjoy thinking through trade-offs, with both mindfulness of near-term needs and Curai’s long-term strategy
- Embrace writing concise documentation so that onboarding new team members is simple and domain expertise is not siloed in individuals
- Understand what a startup is, and that one year here is like three to four years at a big company; you will get to work on and launch lots of projects, and you have a learning mindset to tackle new challenges
What You’ll Do: A day in the life as a Curai GRC Specialist is spent doing things like:
- Using the continuous compliance platform Drata to update and maintain security and privacy policies
- Using Drata to monitor and maintain HIPAA compliance by working with the various control owners throughout the company
- Using Drata to take our SOC 2 Type 1 report through to a SOC 2 Type 2 report, maintaining the annual renewal thereafter
- Developing and maintaining Curai’s Vendor Risk Management program
- Developing and maintaining Curai’s Client Assurance Program
- Establishing and maintaining an overall governing Risk Management program
- Participating in annual penetration testing, including tracking findings and driving remediation
What You'll Need: We recognize not everyone will have all of these requirements. If you meet most of the criteria below and you’re excited about the opportunity and willing to learn, we’d love to hear from you. You should have:
- 3-5 years of experience working in security/privacy Governance, Risk, and Compliance capacities
- One or more of the following (or equivalent) certifications: CISSP, CISA, CRISC, CISM
- Experience with, and comfort in, the fast pace of change and responsibility of a start-up environment
- Ability to work and thrive with diverse cross-disciplinary teams throughout the company
- Familiarity working in a Mac / Google Workspace environment
- Experience with the various frameworks and standards for regulatory and security compliance (PCI DSS, HIPAA, CCPA/GDPR, ISO 27001, HITRUST, etc.)
- Experience working with commercial-grade GRC and/or continuous compliance platforms (such as Drata, Vanta, Secureframe, Archer, MetricStream, Riskonnect, ZenGRC, LogicGate, etc.)
- Strong writing and other communications skills
You Might Also Have:
- Background in healthcare or health insurance
- Familiarity with applying AWS security tooling (such as Amazon Inspector, AWS Key Management Service, Amazon GuardDuty, Amazon CloudWatch, etc.)
- Bachelor’s degree (Computer Science, Information Assurance, Business Management, or equivalent field)
Curai Health is a startup with a small but world-class team, ranging from people out of high-tech companies, AI researchers, and practicing physicians to team members from non-traditional career paths and backgrounds. We also have research partnerships with leading universities across the country and access to medical data that facilitates research in this space. We are a highly collaborative, data-driven team, focused on delivering our mission with funding from top-tier Silicon Valley investors including Morningside, General Catalyst, and Khosla Ventures.
At Curai Health, we are highly committed to building a diverse and inclusive environment. In keeping with our beliefs and values, no employee or applicant will face discrimination or harassment based on race, color, ancestry, national origin, religion, age, gender, marital or domestic partner status, sexual orientation, gender identity, disability status, or veteran status. To promote an equitable and bias-free workplace, we set competitive compensation packages for each position and do not negotiate on our offers. We are looking for teammates who are mission-driven, embody our core values, and appreciate our transparent approach.
Tags: Artificial Intelligence AWS CCPA CISA CISM CISSP Cloud Compliance Computer Science CRISC GDPR Governance HIPAA HITRUST Pentesting Privacy Risk management SOC 2 Strategy
Perks/benefits: 401(k) matching Competitive pay Flex hours Flex vacation Health care Insurance Startup environment Team events Unlimited paid time off