Boston Childrens Health Physicians LLP
Information Security Analyst (GRC)
Share this job
Job Description
Information Security Analyst (GRC)
Boston Children's Health Physicians (BCHP) Valhalla, NY (Remote)
Position Summary
Boston Children's Health Physicians (BCHP) is seeking an experienced IT Security Analyst – Governance, Risk & Compliance (GRC) to support and mature our enterprise information security program.
This position will play a key role in helping BCHP strengthen cybersecurity governance, manage risk, maintain regulatory compliance, oversee security assessments, support third-party risk management, and drive continuous improvement across our security program.
The ideal candidate will serve as a bridge between Information Security, Compliance, Operations, and external service providers, helping ensure BCHP maintains a strong security posture while supporting the delivery of quality patient care.
This role reports directly to the Senior Director, Information Systems & Information Security (Security Officer).
Budget for position
* $100,000-$140,000 per year based on qualifications.
Role and Responsibilities
Governance & Compliance
- Support the development, maintenance, and continuous improvement of BCHP's Information Security Program.
- Assist with security policy development, review, implementation, and lifecycle management.
- Monitor compliance with HIPAA, HITECH, NIST Cybersecurity Framework, CIS Controls, and organizational security standards.
- Track remediation efforts resulting from audits, assessments, and risk analyses.
- Maintain security governance documentation, evidence repositories, and compliance records.
Risk Management
- Conduct and document security risk assessments.
- Assist with enterprise risk identification, analysis, and mitigation planning.
- Maintain risk registers and remediation tracking activities.
- Participate in annual Security Risk Assessments (SRA) and third-party assessments.
Vendor & Third-Party Risk Management
- Perform security reviews of vendors, business associates, and service providers.
- Review security questionnaires, SOC reports, penetration test summaries, and related documentation.
- Track vendor remediation activities and ongoing monitoring requirements.
- Support Business Associate Agreement (BAA) and security review processes.
Audit & Assessment Support
- Coordinate internal and external security audits.
- Gather evidence and documentation for regulatory, compliance, and customer audits.
- Assist with preparation for HIPAA, cybersecurity, and third-party assessments.
- Monitor corrective action plans through completion.
- Security Awareness & Training
- Support enterprise security awareness initiatives.
- Assist with phishing simulation programs and training campaigns.
- Track workforce training completion and reporting metrics.
Security Program Reporting
- Develop security metrics, dashboards, and executive reports.
- Monitor compliance with security policies and standards.
- Provide recommendations for program improvements and risk reduction.
Requirements
Required
* Bachelor’s degree in information security, Cybersecurity, Information Technology, Business, or related field (or equivalent experience). * 3+ years of experience in Information Security, IT Audit, Risk Management, Compliance, or Governance. * Knowledge of: + HIPAA Security Rule + NIST Cybersecurity Framework + CIS Controls + Security Risk Assessments + Vendor Risk Management + Security Policies and Procedures * Strong documentation, analytical, and organizational skills. * Excellent communication and presentation abilities.
Preferred
* Experience in healthcare, healthcare technology, or regulated environments. * Experience supporting security audits and regulatory assessments. * Familiarity with: + Microsoft 365 Security & Compliance + Microsoft Purview + Microsoft Defender + Sentinel + CrowdStrike + Proofpoint + ServiceNow or similar ticketing platforms
Preferred Certifications
- Security+
- GSEC
- SSCP
- CISA
- CRISC
- CGRC (formerly CAP)
- CISSP (or pursuing)
Why Join BCHP?
This position offers significant visibility across the organization and the opportunity to directly influence the future direction of BCHP's security and compliance program.
Additionally
- Competitive salary and comprehensive benefits package
- Supportive, inclusive, and growth focused company culture
- Access to continuous professional development
- Flexible work environment
Keep looking