Boston Childrens Health Physicians LLP

Information Security Analyst (GRC)

Valhalla, NY, US$100,000-$140,000Posted 7 days ago

Job Description

Information Security Analyst (GRC)

Boston Children's Health Physicians (BCHP) Valhalla, NY (Remote)

Position Summary

Boston Children's Health Physicians (BCHP) is seeking an experienced IT Security Analyst – Governance, Risk & Compliance (GRC) to support and mature our enterprise information security program.

This position will play a key role in helping BCHP strengthen cybersecurity governance, manage risk, maintain regulatory compliance, oversee security assessments, support third-party risk management, and drive continuous improvement across our security program.

The ideal candidate will serve as a bridge between Information Security, Compliance, Operations, and external service providers, helping ensure BCHP maintains a strong security posture while supporting the delivery of quality patient care.

This role reports directly to the Senior Director, Information Systems & Information Security (Security Officer).

Budget for position

* $100,000-$140,000 per year based on qualifications.

Role and Responsibilities

Governance & Compliance

  • Support the development, maintenance, and continuous improvement of BCHP's Information Security Program.
  • Assist with security policy development, review, implementation, and lifecycle management.
  • Monitor compliance with HIPAA, HITECH, NIST Cybersecurity Framework, CIS Controls, and organizational security standards.
  • Track remediation efforts resulting from audits, assessments, and risk analyses.
  • Maintain security governance documentation, evidence repositories, and compliance records.

Risk Management

  • Conduct and document security risk assessments.
  • Assist with enterprise risk identification, analysis, and mitigation planning.
  • Maintain risk registers and remediation tracking activities.
  • Participate in annual Security Risk Assessments (SRA) and third-party assessments.

Vendor & Third-Party Risk Management

  • Perform security reviews of vendors, business associates, and service providers.
  • Review security questionnaires, SOC reports, penetration test summaries, and related documentation.
  • Track vendor remediation activities and ongoing monitoring requirements.
  • Support Business Associate Agreement (BAA) and security review processes.

Audit & Assessment Support

  • Coordinate internal and external security audits.
  • Gather evidence and documentation for regulatory, compliance, and customer audits.
  • Assist with preparation for HIPAA, cybersecurity, and third-party assessments.
  • Monitor corrective action plans through completion.
  • Security Awareness & Training
  • Support enterprise security awareness initiatives.
  • Assist with phishing simulation programs and training campaigns.
  • Track workforce training completion and reporting metrics.

Security Program Reporting

  • Develop security metrics, dashboards, and executive reports.
  • Monitor compliance with security policies and standards.
  • Provide recommendations for program improvements and risk reduction.

Requirements

Required

* Bachelor’s degree in information security, Cybersecurity, Information Technology, Business, or related field (or equivalent experience). * 3+ years of experience in Information Security, IT Audit, Risk Management, Compliance, or Governance. * Knowledge of: + HIPAA Security Rule + NIST Cybersecurity Framework + CIS Controls + Security Risk Assessments + Vendor Risk Management + Security Policies and Procedures * Strong documentation, analytical, and organizational skills. * Excellent communication and presentation abilities.

Preferred

* Experience in healthcare, healthcare technology, or regulated environments. * Experience supporting security audits and regulatory assessments. * Familiarity with: + Microsoft 365 Security & Compliance + Microsoft Purview + Microsoft Defender + Sentinel + CrowdStrike + Proofpoint + ServiceNow or similar ticketing platforms

Preferred Certifications

  • Security+
  • GSEC
  • SSCP
  • CISA
  • CRISC
  • CGRC (formerly CAP)
  • CISSP (or pursuing)

Why Join BCHP?

This position offers significant visibility across the organization and the opportunity to directly influence the future direction of BCHP's security and compliance program.

Additionally

  • Competitive salary and comprehensive benefits package
  • Supportive, inclusive, and growth focused company culture
  • Access to continuous professional development
  • Flexible work environment

Apply for this role

Keep looking

Similar Remote IT And Developer Jobs