IT GRC Analyst

Remote

Applications have closed

Amwell

Amwell digitally empowers payers, providers and innovators, enabling an ecosystem of care that spans across in-person, virtual and automated care.

Company Description

Amwell is a leading telehealth platform in the United States and globally, connecting and enabling providers, insurers, patients, and innovators to deliver greater access to more affordable, higher quality care. Amwell believes that digital care delivery will transform healthcare. We offer a single, comprehensive platform to support all telehealth needs from urgent to acute and post-acute care, as well as chronic care management and healthy living. With over a decade of experience, Amwell powers telehealth solutions for over 150 health systems comprised of 2,000 hospitals and 55 health plan partners with over 36,000 employers, covering over 80 million lives.

Brief Overview

The IT Governance, Risk and Compliance (GRC) Analyst will play a critical role in the Hosting department. The position is primarily responsible for supporting the IT Audit and Compliance initiatives, including but not limited to HITRUST, ISO 27001/2, and PCI-DSS compliance.

The IT GRC Analyst is also responsible for the testing of internal controls, gathering documentation and evidence, and documenting the test results. They will participate as needed in the information sharing/gathering/reporting process for other audits/reviews, including external audits, internal audits, and risk management. Additionally, part of this role is to perform detailed reviews to ensure compliance with defined policies, standards, and guidelines. Upon completion of reviews, this position will make recommendations or be directly involved with addressing findings or developing remediation plans/steps.

Specifically, the IT GRC Analyst will:

Core Responsibilities

  • Assist with scheduled control checks/audits for Information Technology, Information Security, and line of business defined controls.
  • Support risk assessments and resolution follow-up to assure compliance with applicable ISMS frameworks such as PCI-DSS, HITRUST, and ISO 27001/2.
  • Perform vendor risk & security assessments for new and current vendors as part of the organization’s Vendor Management Program.
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks for other operational teams.
  • Respond to incoming Customer/Client Security questionnaires when required.
  • Support the security awareness programs within the organization.
  • Assist in the development and communication of IT Compliance standards and guidelines.
  • Provide input into Corporate-wide policies and processes.
  • Ensure that issues and findings across all compliance-related activities are documented and tracked for remediation, with direct involvement by either facilitation of discussions or by being directly involved in the process.
  • Engage in collaborative issue/remediation planning on a broad set of compliance-related issues: Disaster Recovery, Security risks, Data Protection, User access, Physical access, etc.
  • Support external audits performed by third-party auditors, related but not limited to: HITRUST CSF, ISO 27001/2, and PCI-DSS.
  • Work both independently and across teams to collect or distribute important information on IT Security & Compliance processes, procedures, guidelines, etc.
  • Serve as a subject matter expert on ISMS-related controls, procedures, and workflows.
  • Assist with security-related responsibilities and events as needed.

Qualifications

  • 2-4 years of relevant experience required.
  • Bachelor’s degree in Information Systems or related field or an equivalent combination of education and experience.
  • Experience working with Risk, Security, or Audit frameworks (e.g. NIST, ISO 27001/2, HITRUST).
  • Possess strong analytical skills capable of identifying, evaluating and mitigating risks.
  • Industry certification preferred (CISSP, CISA, or equivalent designation).
  • Strong oral and written communication skills and ability to work well across teams in a collaborative, complex and fast-paced environment.

Additional information

Your Team

Amwell’s Operations group is a mission-focused technology team made up of the best and brightest technical talent. Our team members specialize in Information Technology, Cyber Security & Compliance, Hosting Operations, Business Intelligence, and Network Engineering. We operate a state-of-the-art Cyber Command Center designed specifically to manage and protect our global telehealth infrastructure.

We leverage the latest technologies including an array of deployment and management tools as well as several cyber threat intelligence networks to keep our systems running smoothly around the clock.

If you enjoy working hard, challenging yourself, and staying at the cutting edge of technology, this is the team for you. 

Working at Amwell

Amwell is changing how care is delivered through online and mobile technology. We strive to make the hard work of healthcare look easy. In order to make this a reality, we look for people with a fast-paced, mission-driven mentality. We’re a culture that prides itself on quality, efficiency, smarts, initiative, creative thinking, and a strong work ethic. 

Our Core Values include One Team, Customer First, and Deliver Awesome. Customer First and Deliver Awesome are all about our product and services and how we strive to serve. As part of One Team, we operate the Amwell Cares program, which brings needed assistance to our communities, whether that be free healthcare for the underserved or for people affected by natural disasters, support for equality, honoring doctors and nurses, or annual Amwell-matched donations to food banks. Amwell aims to be a force for good for our employees, our clients, and our communities.

Amwell cares deeply about and supports Diversity, Equity and Inclusion. These initiatives are highlighted and reflected within our Three DE&I Pillars - our Workplace, our Workforce and our Community.

Amwell is a "virtual first" workplace, which means you can work from anywhere, coming together physically for ideation, collaboration and client meetings. We enable our employees with the tools, resources and opportunities to do their jobs effectively wherever they are!

The typical base salary range for this position is $65,000.00 - $75,000.00.  The actual salary offer will ultimately depend on multiple factors including, but not limited to, knowledge, skills, relevant education, experience, complexity or specialization of talent, and other objective factors.  In addition to base salary, this role may be eligible for an annual bonus based on a combination of company performance and employee performance. Long-term incentive and short-term variable compensation may be offered as part of the compensation package dependent on the role. Some roles may be commission based, in which case the total compensation will be based on a commission and the above range may not be an accurate representation of total compensation.

Further, the above range is subject to change based on market demands and operational needs and does not constitute a promise of a particular wage or a guarantee of employment. Your recruiter can share more during the hiring process about the specific salary range based on the above factors listed.

Additional Benefits

  • Unlimited Personal Time Off (Vacation time)
  • 401K match
  • Competitive healthcare, dental and vision insurance plans
  • Paid Parental Leave (Maternity and Paternity leave)
  • Employee Stock Purchase Program
  • Free access to Amwell’s Telehealth Services, SilverCloud and The Clinic by Cleveland Clinic’s second opinion program
  • Free Subscription to the Calm App
  • Tuition Assistance Program
  • Pet Insurance

Tags: Audits Business Intelligence CISA CISSP Compliance Governance HITRUST ISMS ISO 27001 NIST Risk assessment Risk management Security assessment Threat intelligence Vendor management

Perks/benefits: 401(k) matching Career development Competitive pay Equity Health care Parental leave Salary bonus Team events Unlimited paid time off

Region: Remote/Anywhere