Information Security Analyst (GRC)

Boston Children's Health Physicians LLP

Valhalla, New York

JOB DETAILS
SKILLS
Budgeting, Business Services, Business Support, CISA - Certified Information Systems Auditor, CISSP - Certified Information Systems Security Professional, Campaigns, Communication Skills, CompTIA Security+, Computer Security, Continuous Improvement, Corrective Action, Documentation, Enterprise Protection, External Audit, GSEC - GIAC Security Essentials Certification, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, Information Technology & Information Systems, Information Technology/Systems Audit, Information/Data Security (InfoSec), Internal Audit, Internet Security, Maintain Compliance, Metrics, Microsoft Product Family, Patient Care, Phishing, Policy Development, Presentation/Verbal Skills, Process Improvement, Regulations, Regulatory Compliance, Reporting Dashboards, Risk, Risk Analysis, Risk Management, SSCP - Systems Security Certified Practitioner, Security Analysis, Security Auditing, Security Compliance, Security Policy, ServiceNow, Simulation, U.S. National Institute of Standards and Technology (NIST)
POSTED
2 days ago

Information Security Analyst (GRC)

Boston Children's Health Physicians (BCHP) Valhalla, NY (Remote)

Position Summary:
Boston Children's Health Physicians (BCHP) is seeking an experienced IT Security Analyst – Governance, Risk & Compliance (GRC) to support and mature our enterprise information security program.
This position will play a key role in helping BCHP strengthen cybersecurity governance, manage risk, maintain regulatory compliance, oversee security assessments, support third-party risk management, and drive continuous improvement across our security program.
The ideal candidate will serve as a bridge between Information Security, Compliance, Operations, and external service providers, helping ensure BCHP maintains a strong security posture while supporting the delivery of quality patient care.
This role reports directly to the Senior Director, Information Systems & Information Security (Security Officer).

Budget for position

  • $100,000-$140,000 per year based on qualifications.

Role and Responsibilities

Governance & Compliance

  • Support the development, maintenance, and continuous improvement of BCHP's Information Security Program.
  • Assist with security policy development, review, implementation, and lifecycle management.
  • Monitor compliance with HIPAA, HITECH, NIST Cybersecurity Framework, CIS Controls, and organizational security standards.
  • Track remediation efforts resulting from audits, assessments, and risk analyses.
  • Maintain security governance documentation, evidence repositories, and compliance records.

Risk Management

  • Conduct and document security risk assessments.
  • Assist with enterprise risk identification, analysis, and mitigation planning.
  • Maintain risk registers and remediation tracking activities.
  • Participate in annual Security Risk Assessments (SRA) and third-party assessments.

Vendor & Third-Party Risk Management

  • Perform security reviews of vendors, business associates, and service providers.
  • Review security questionnaires, SOC reports, penetration test summaries, and related documentation.
  • Track vendor remediation activities and ongoing monitoring requirements.
  • Support Business Associate Agreement (BAA) and security review processes.

Audit & Assessment Support

  • Coordinate internal and external security audits.
  • Gather evidence and documentation for regulatory, compliance, and customer audits.
  • Assist with preparation for HIPAA, cybersecurity, and third-party assessments.
  • Monitor corrective action plans through completion.

Security Awareness & Training

  • Support enterprise security awareness initiatives.
  • Assist with phishing simulation programs and training campaigns.
  • Track workforce training completion and reporting metrics.

Security Program Reporting

  • Develop security metrics, dashboards, and executive reports.
  • Monitor compliance with security policies and standards.
  • Provide recommendations for program improvements and risk reduction.

Requirements:

Required

  • Bachelor's degree in Information Security, Cybersecurity, Information Technology, Business, or a related field (or equivalent experience).
  • 3+ years of experience in Information Security, IT Audit, Risk Management, Compliance, or Governance.
  • Knowledge of:
    • HIPAA Security Rule
    • NIST Cybersecurity Framework
    • CIS Controls
    • Security Risk Assessments
    • Vendor Risk Management
    • Security Policies and Procedures
  • Strong documentation, analytical, and organizational skills.
  • Excellent communication and presentation abilities.

Preferred

  • Experience in healthcare, healthcare technology, or regulated environments.
  • Experience supporting security audits and regulatory assessments.
  • Familiarity with:
    • Microsoft 365 Security & Compliance
    • Microsoft Purview
    • Microsoft Defender
    • Sentinel
    • CrowdStrike
    • Proofpoint
    • ServiceNow or similar ticketing platforms

Preferred Certifications

  • Security+
  • GSEC
  • SSCP
  • CISA
  • CRISC
  • CGRC (formerly CAP)
  • CISSP (or pursuing)

Why Join BCHP?

This position offers significant visibility across the organization and the opportunity to directly influence the future direction of BCHP's security and compliance program.

Additionally

  • Competitive salary and comprehensive benefits package
  • Supportive, inclusive, and growth-focused company culture
  • Access to continuous professional development
  • Flexible work environment

About the Company

Boston Children's Health Physicians LLP