Senior GRC Analyst

at TherapyNotes
  • $95k-$135k
  • Remote - United States

Remote

Cybersecurity

Senior

Job description

About Us

TherapyNotes is the go-to superhero for behavioral health Practice Management and EHR software! Our top-notch SaaS solution handles scheduling, billing, documenting, telehealth, and more so clinicians can focus on awesome patient care.

We’re a dynamic team of pros who love to innovate and push the envelope, keeping our software cutting-edge. Join us, and let’s revolutionize behavioral health software together while making a real difference!

Description

TherapyNotes is seeking an experienced cyber security professional to join our team of technology enthusiasts.  The right candidate should have a focus on cybersecurity compliance, security control implementation, risk/vulnerability management, continuous monitoring, and security awareness training. The role will serve as the liaison for external audits, oversee an internal cybersecurity audit program. This role requires a strong understanding of regulatory requirements, risk management frameworks, and industry best practices.

Responsibilities

  • Develop and implement GRC strategies, policies, and procedures to ensure compliance with regulatory standards and industry best practices.
  • Lead the assessment and management of risks across the organization, including conducting risk assessments, identifying gaps, and developing mitigation plans.
  • Collaborate with cross-functional teams to integrate GRC principles into business processes and systems.
  • Monitor regulatory changes and industry trends to ensure the organization remains compliant and proactive in addressing emerging risks.
  • Provide guidance and training to employees on GRC policies, procedures, and best practices.
  • Support the execution of audits, assessments, and compliance activities through validation of adherence to compliance standards.
  • Mentor and coach GRC analysts, fostering their professional development and growth within the organization.
  • Support the execution and continual improvement of the company’s information security program, with an emphasis on meeting HIPAA-HITECH, state, and GDPR compliance requirements
  • Identify and document cyber risks and manage mitigation, follow up on open security risks, and report issues to leadership
  • Assist with ad-hoc compliance reporting and follow up with customers and/or support partners to ensure all identified vulnerabilities are being addressed
  • Provide support to Information Security Incident Response team during cyber/privacy incidents
  • Validate that information security requirements are built into architectures and new technology projects
  • Ensures the running application and developing codebase protects the confidentiality, integrity, and availability of our customer’s data
  • Evaluate the technical security posture of newly proposed third-party solutions.
  • Identify areas of improvement related to third party risk management to drive maturity.

Requirements

  • BS degree in Information Security, Risk Management, Business Administration, or related field
  • 5+ years of experience in GRC, risk management, or related fields.
  • Experience supporting and/or leading audit discussions
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC) strongly preferred
  • Strong knowledge of regulatory requirements (e.g., GDPR, HIPAA, PCI-DSS, CPRA) and industry standards (e.g., ISO 27001, NIST).
  • Expert in designing, implementing, and maintaining security solutions
  • Experience developing and implementing GRC frameworks, policies, and procedures
  • Excellent analytical skills with the ability to assess complex risks and develop effective mitigation strategies
  • Exceptional communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization
  • Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time
  • Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation
  • Expert in OWASP, CIS and/or other security standards and secure configuration baselines
  • Proficiency with cloud-based solutions and web related technologies

Benefits

  • Competitive salary - $95,000-$135,000
  • Employer sponsored health, dental, vision, life, and disability insurance
  • Retirement plan with company contribution
  • Annual company profit sharing
  • Personal development/training budget
  • Open, collaborative work environment
  • Extensive 2-week onboarding plan
  • Comprehensive mentorship program

Equal Opportunity Employer Statement & Applicant Rights

TherapyNotes LLC is an Equal Opportunity Employer and does not discriminate based on race, color, religion, sex, national origin, age, disability, genetic information, or any other protected status under federal, state, or local law. We are committed to providing a workplace free of discrimination and harassment. For more information about your rights under federal employment laws, please review the following:

  • Know Your Rights: Workplace Discrimination is Illegal
  • Family and Medical Leave Act (FMLA): Employee Rights Under FMLA

If you require a reasonable accommodation during the application process, please contact [email protected].

#LI-Remote

#LI-PL1

5/30/2025

Share this job:
Please let TherapyNotes know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Latest Jobs at TherapyNotes

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply