Governance, Risk, and Compliance (GRC) Associate - Remote

Overview

The Governance, Risk, and Compliance (GRC) Associate will operate with a high degree of autonomy within Strata’s Information Technology team, proactively engaging in aspects of governance, risk, and compliance. This self-driven role collaborates across departments to ensure that Strata meets industry regulations, client requirements, and best practices. As a subject matter expert, the Senior GRC Associate is well-versed in certifications and regulatory standards such as state privacy laws, HIPAA, ISO 27001, ISO 22301, and SOC.

In Short

• Drive the maturation of a best-in-class cybersecurity compliance assurance program.
• Lead the annual recertification process for Strata’s HITRUST certification.
• Participate in the assessments and improvements of our control framework.
• Ensure all program policies, procedures, and documentation are reviewed for accuracy.
• Work closely with members of business development and IT leadership.
• Complete necessary third-party vendor risk management activities.
• Conduct internal audits to verify that internal controls are functioning as intended.
• Engage in Disaster Recovery, Business Continuity, and Security Event exercises.
• Recognize challenges in the audit process and propose solutions.
• Minimum 4-5+ years of experience with a concentration in IT Governance, Risk, and Compliance.

Requirements

• Experience achieving and maintaining HITRUST certification.
• Experience with SOC Controls.
• Excellent communication skills.
• Self-motivated and proactive.
• Mastered knowledge in Microsoft Office Suite, Technical Writing, and Internal/External Auditing.
• Preferred qualifications: CCSFP, CRISC, CISA.

Benefits

• Comprehensive benefits package including retirement benefits.
• Health and welfare benefits.
• Paid time off and parental leave.
• Life and accident insurance.
• Discretionary variable pay programs based on role.