Lead IT Security GRC Analyst

Monogram Health

IT
Brentwood, TN, USA
Posted on Feb 24, 2026

Position: Lead IT Security GRC Analyst

Monogram Health is actively seeking an accomplished and motivated Lead IT Security Governance Risk and Compliance (GRC) Analyst who shares our commitment to information security as a cornerstone in safeguarding our organization. The Lead IT Security GRC Analyst will be part of a fast-paced environment that pushes you to learn while doing. This role needs to be both strategic and intensely focused on GRC with an emphasis on process, scalability, and automation to ensure our security posture aligns seamlessly with business objectives. We value experience in collaborating with key stakeholders, understanding regulatory requirements, and implementing effective security strategies.

The Lead IT Security GRC Analyst will serve as the process owner for all ongoing activities related to the availability, integrity and confidentiality of the patient, provider, employee and business information in compliance with Monogram Health's Information Security policies and procedures. This is a team-oriented group that works together to implement and manage security controls, tools and processes. The successful candidate will be curious, creative, and highly interested in the latest security developments. This role is based in the Brentwood, TN office.

Responsibilities

  • Lead security risk management efforts. Contribute to the development of the organization's overall security strategy and provide strategic input for security initiatives and projects
  • Lead and mentor a team of GRC security professionals
  • Develop security awareness materials and manage phishing simulation
  • Anticipate security threats that generate alerts, incidents, and disasters and recommend controls to reduce their likelihood
  • Develop, implement, and maintain risk mitigation strategies and action plans with key stakeholders
  • Monitor and report on risk metrics and trends. Prepare reports that document security incidents and breaches and the extent of the damage caused by the breaches
  • Collaborate with the Compliance Department to ensure Monogram Health’s compliance with relevant laws, regulations, certifications, assessments, and industry standards
  • Facilitate third-party security assessments and audits, such as HIPAA security risk assessments and HITRUST assessments.
  • Assess, manage, maintain, and enhance the third-party vendor risk management program and ensure third-party compliance with security standards
  • Collaborate with other departments to integrate security into business processes
  • Identify and implement continuous improvement initiatives within the security GRC function to enhance security posture
  • Stay informed about industry trends and best practices.
  • Assist in incidents and security breaches to determine root causes
  • Lead annual policies and procedures reviews and updates

Position Requirements

  • Bachelor's degree
  • Minimum of three (3) years of experience in information security governance, risk, and compliance, as well as AI security and data privacy governance and controls implementation
  • Familiarity with industry standards and regulations including PCI, HIPAA, NIST, HITRUST, and ISO 27007
  • Demonstrated interpersonal, verbal, and written communication skills
  • Working knowledge of and experience in the policy and regulatory environment of information security, especially in healthcare, is preferred
  • Demonstrated entrepreneurial spirit, humility, and comfort working in and contributing to a dynamic and cross-functional team environment
  • Continually update job knowledge by participating in educational opportunities, reading professional publications, maintaining personal networks, and participating in professional organizations
  • CISSP, CISM, CISA, CRISC, or similar certifications preferred

Benefits

  • Comprehensive Benefits - Medical, dental, and vision insurance, employee assistance program, employer-paid and voluntary life insurance, disability insurance, plus health and flexible spending accounts
  • Financial & Retirement Support – Competitive compensation, 401k with employer match, and financial wellness resources
  • Time Off & Leave – Paid holidays, flexible vacation time/PSSL, and paid parental leave
  • Wellness & Growth – Work life assistance resources, physical wellness perks, mental health support, employee referral program, and BenefitHub for employee discounts

About Monogram Health

Monogram Health is a leading multispecialty provider of in-home, evidence-based care for the most complex of patients who have multiple chronic conditions. Monogram Health takes a comprehensive and personalized approach to a person’s health, treating not only a disease, but all of the chronic conditions that are present, such as diabetes, hypertension, chronic kidney disease, heart failure, depression, COPD, and other metabolic disorders.

Monogram Health employs a robust clinical team, leveraging specialists across multiple disciplines including nephrology, cardiology, endocrinology, pulmonology, behavioral health, and palliative care to diagnose and treat health issues; review and prescribe medication; provide guidance, education, and counselling on a patient’s healthcare options; as well as assist with daily needs such as access to food, eating healthy, transportation, financial assistance, and more. Monogram Health is available 24 hours a day, 7 days a week, and on holidays, to support and treat patients in their home.

Monogram Health’s personalized and innovative treatment model is proven to dramatically improve patient outcomes and quality of life while reducing medical costs across the health care continuum.
