Information Security Analyst (GRC)
Boston Children's Health Physicians (BCHP)
Valhalla, NY (Remote)

Position Summary:
Boston Children's Health Physicians (BCHP) is seeking an experienced IT Security Analyst – Governance, Risk & Compliance (GRC) to support and mature our enterprise information security program.
This position will play a key role in helping BCHP strengthen cybersecurity governance, manage risk, maintain regulatory compliance, oversee security assessments, support third-party risk management, and drive continuous improvement across our security program.
The ideal candidate will serve as a bridge between Information Security, Compliance, Operations, and external service providers, helping ensure BCHP maintains a strong security posture while supporting the delivery of quality patient care.
This role reports directly to the Senior Director, Information Systems & Information Security (Security Officer). Budget for position: $100,000-$140,000 per year, based on qualifications.
Role and Responsibilities

Governance & Compliance
- Support the development, maintenance, and continuous improvement of BCHP's Information Security Program.
- Assist with security policy development, review, implementation, and lifecycle management.
- Monitor compliance with HIPAA, HITECH, NIST Cybersecurity Framework, CIS Controls, and organizational security standards.
- Track remediation efforts resulting from audits, assessments, and risk analyses.
- Maintain security governance documentation, evidence repositories, and compliance records.
Risk Management
- Conduct and document security risk assessments.
- Assist with enterprise risk identification, analysis, and mitigation planning.
- Maintain risk registers and remediation tracking activities.
- Participate in annual Security Risk Assessments (SRA) and third-party assessments.
Vendor & Third-Party Risk Management
- Perform security reviews of vendors, business associates, and service providers.
- Review security questionnaires, SOC reports, penetration test summaries, and related documentation.
- Track vendor remediation activities and ongoing monitoring requirements.
- Support Business Associate Agreement (BAA) and security review processes.
Audit & Assessment Support
- Coordinate internal and external security audits.
- Gather evidence and documentation for regulatory, compliance, and customer audits.
- Assist with preparation for HIPAA, cybersecurity, and third-party assessments.
- Monitor corrective action plans through completion.
Security Awareness & Training
- Support enterprise security awareness initiatives.
- Assist with phishing simulation programs and training campaigns.
- Track workforce training completion and reporting metrics.
Security Program Reporting
- Develop security metrics, dashboards, and executive reports.
- Monitor compliance with security policies and standards.
- Provide recommendations for program improvements and risk reduction.
Requirements:

Required
- Bachelor's degree in Information Security, Cybersecurity, Information Technology, Business, or a related field (or equivalent experience).
- 3+ years of experience in Information Security, IT Audit, Risk Management, Compliance, or Governance.
- Knowledge of:
  - HIPAA Security Rule
  - NIST Cybersecurity Framework
  - CIS Controls
  - Security Risk Assessments
  - Vendor Risk Management
  - Security Policies and Procedures
- Strong documentation, analytical, and organizational skills.
- Excellent communication and presentation abilities.
Preferred
- Experience in healthcare, healthcare technology, or regulated environments.
- Experience supporting security audits and regulatory assessments.
- Familiarity with:
  - Microsoft 365 Security & Compliance
  - Microsoft Purview
  - Microsoft Defender
  - Sentinel
  - CrowdStrike
  - Proofpoint
  - ServiceNow or similar ticketing platforms
Preferred Certifications
- Security+
- GSEC
- SSCP
- CISA
- CRISC
- CGRC (formerly CAP)
- CISSP (or pursuing)
Why Join BCHP?

This position offers significant visibility across the organization and the opportunity to directly influence the future direction of BCHP's security and compliance program. Additionally:
- Competitive salary and comprehensive benefits package
- Supportive, inclusive, and growth-focused company culture
- Access to continuous professional development
- Flexible work environment