Senior GRC Analyst jobs in United States

ModMed · 19 hours ago

Senior GRC Analyst

ModMed is a company dedicated to modernizing the healthcare experience through innovative software solutions. The Senior GRC Analyst will lead and mature key components of the Governance, Risk, and Compliance program, collaborating with various stakeholders to identify and mitigate risks while ensuring compliance with regulatory standards.

Tags: Artificial Intelligence (AI), Electronic Health Record (EHR), Health Care, Software

H1B Sponsor Likely

Responsibilities

Lead the development, implementation, and ongoing maintenance of enterprise cybersecurity policies, standards, and procedures
Own and evolve components of the cybersecurity governance framework, ensuring alignment with business strategy, risk appetite, and regulatory obligations
Serve as a subject matter expert on GRC frameworks and best practices, advising leadership on governance decisions and tradeoffs
Partner cross-functionally to embed governance requirements into operational and technology processes
Lead and independently execute enterprise and third-party risk assessments, including methodology refinement and scoping decisions
Evaluate complex risk scenarios, identify control gaps, and recommend prioritized, risk-based mitigation strategies
Monitor risk remediation efforts, challenge effectiveness of controls, and escalate material risks as appropriate
Contribute to the ongoing maturation of the enterprise risk management and third-party risk management programs
Own and lead compliance activities for major regulatory and industry frameworks (PCI, HIPAA, SOC 2, CIS Controls, NIST CSF)
Act as a primary point of contact for internal and external auditors, independently managing audit readiness, execution, and remediation efforts
Interpret evolving regulatory requirements and translate them into actionable controls and processes for the business
Drive continuous improvement of compliance processes, reducing audit friction and improving control sustainability
Design and continuously improve security awareness and training initiatives based on risk trends and audit findings
Advise business partners and leadership on risk-conscious decision-making and secure-by-design practices
Measure and report on program effectiveness and adoption
Develop and present executive-level reporting on GRC metrics, risk posture, audit outcomes, and program maturity
Ensure comprehensive, defensible documentation for audits, risk assessments, and governance decisions
Provide insights and recommendations to senior security leadership based on data and trend analysis

Qualification

Skills: GRC frameworks, Risk management, Compliance activities, Cybersecurity policies, Security frameworks, GRC tools, CISA Certification, CISM Certification, Problem-solving, Communication skills, Interpersonal skills

Required

Bachelor's degree in Information Security, Cybersecurity, Information Technology or equivalent education and experience
Minimum of 7 years of experience in information security GRC, or related fields
Experience with PCI, HIPAA, SOC2, CIS Controls, risk management, enterprise security risk management, and security awareness
Proficiency in PCI and security risk assessment methodologies and tools
Excellent problem-solving skills
Strong communication and interpersonal skills

Preferred

Familiarity with healthcare industry regulations
Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls)
Experience with GRC tools and technologies
PCIP, ISA
CISA Certification
CISM Certification

Benefits

Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution
401(k): ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep
Generous Paid Time Off and Paid Parental Leave programs
Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs
Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed
Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning
Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles
Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters

Company

ModMed

Specialty-specific healthcare SaaS solutions including AI-Powered EHRs, Practice Management, Analytics, RCM, Patient Engagement, Payments

H1B Sponsorship

ModMed has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighting job fields similar to this job)]

Trends of Total Sponsorships:
2025: 8
2024: 6
2023: 1
2021: 1

Funding

Current Stage
Late Stage
Total Funding
$485.93M
Key Investors
Warburg Pincus, IBM, Summit Partners

Funding History:
2025-04-30: Private Equity · $100M
2025-03-03: Acquired
2022-02-22: Series Unknown · $53.37M

Leadership Team

Daniel Cane, Chief Executive Officer
Joe Harpaz, Co-Chief Executive Officer
Company data provided by crunchbase