Senior Security Governance Risk & Compliance Analyst

at Alma
  • $145k-$174k
  • Remote - United States

Remote

Cybersecurity

Senior

Job description

Alma is on a mission to simplify access to high-quality, affordable mental health care. We do this by making it easy and financially rewarding for therapists to accept insurance and offer in-network care. When a provider joins Alma, they gain access to a suite of tools that not only help them better run their business, but also grow it sustainably and develop as a provider. Alma is available in all 50 states, with over 20,000 therapists in our growing network. Anyone looking for a therapist can browse Alma’s free directory. Alma has raised $220.5M in funding from Insight Partners, Optum Ventures, Tusk Venture Partners, Primary Venture Partners, First Round Capital, Sound Ventures, BoxGroup, Cigna Ventures, and Rainfall Ventures. Alma was also named one of Inc’s Best Workplaces in 2022 and 2023.

Website

Job Board

Values

Candidate Interview Guide

Senior Security Governance Risk & Compliance (GRC) Analyst

Alma is seeking a mission-driven Senior Security Governance Risk and Compliance (GRC) Analyst to join our team.  We are dedicated to building secure and compliant tools and services that help providers more easily manage and grow their practice.

Acting as a principal aide to the VP of Security and IT, this role will play a critical role in enabling a culture of security at Alma, making security a product differentiator that builds confidence and trust with our providers, and preparing Alma for annual audits and certifications (such as SOC 2 and HITRUST). In this role you will perform risk assessments, create and maintain our security policies, educate our staff by developing a security awareness program, respond to security assessments, and review our vendor’s security.

What you’ll do:

  • Perform risk assessments and reports on Alma’s risk management program
  • Collaborate with stakeholders to identify and facilitate the implementation of mitigating controls
  • Streamline and maintain Alma’s security policies and standards
  • Prepare the organization and facilitate annual audits and certifications (SOC 2, PCI)
  • Educate Alma’s staff by creating and managing an effective security awareness program
  • Develop our vendor risk program, ensuring our vendors meet Alma security standards
  • Develop Alma’s Trust program, preparing materials and responses to security assessments, and making security a product differentiator that builds confidence and instills trust in our providers
  • Develop and measure key metrics, and coordinate activities in support of cybersecurity priorities

Who you are:

  • You have 5+ years of work experience in Information Security, especially in a GRC analysis role
  • You have experience working in health tech or other highly regulated industries (banking, insurance, etc)
  • You have experience leading SOC 2 audits and/or HITRUST certifications with minimal findings
  • You have experience deploying GRC solutions (Drata or equivalent), putting in place a unified control framework enabling evidence collection automation and  continuous compliance
  • You strongly understand security best practices and controls frameworks (NIST CSF, NIST 800-53, AICPA Trust Services Criteria, HITRUST CSF,  PCI DSS, HIPAA Security Rule, and Breach Notification)
  • You have experience implementing security controls and policies that align with AWS security best practices
  • You have experience driving security awareness programs, including phishing simulation tools (KnowBe4 or equivalent)
  • You have experience performing risk assessments, with an understanding of quantitative risk analysis frameworks (FAIR)
  • You have experience writing customer-facing materials in partnership with with product and marketing teams
  • You have strong written and verbal communication skills and can convey complex technical topics to non-technical stakeholders clearly and concisely
  • You feel a passion for Alma’s mission – to improve the experience of therapy for providers and their clients and simplify access to care

Benefits:

  • We’re a remote-first company
  • Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
  • 401K plan (ADP)
  • Monthly therapy and wellness stipends
  • Monthly co-working space membership stipend
  • Monthly work-from-home stipend
  • Financial wellness benefits through Northstar
  • Pet discount program through United Pet Care
  • Financial perks and rewards through BenefitHub
  • EAP access through Aetna
  • One-time home office stipend to set up your home office
  • Comprehensive parental leave plans
  • 11 paid holidays, 1 Alma Mental Health Day, and 1 Alma Volunteering Day
  • Flexible PTO

Salary Band: $145,000 - $174,000

Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy.

All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address.

Share this job:
Please let Alma know you found this job on Remote First Jobs 🙏

Similar Remote Jobs

Alma logo

Alma

Simplify mental health care

  • 51-200 employees
  • Founded in 2018
  • 27 remote jobs
View all jobs

Latest Jobs at Alma

Benefits of using Remote First Jobs

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

Advanced Filters

Filter by category, benefits, seniority, and more.

Priority Job Alerts

Get timely alerts for new job openings every day.

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

Search remote, work from home, 100% online jobs

We help you connect with top remote-first companies.

Search jobs

Hiring remote talent? Post a job

Frequently Asked Questions

What makes Remote First Jobs different from other job boards?

Unlike other job boards that only show jobs from companies that pay to post, we actively scan over 20,000 companies to find remote positions. This means you get access to thousands more jobs, including ones from companies that don't typically post on traditional job boards. Our platform is dedicated to fully remote positions, focusing on companies that have adopted remote work as their standard practice.

How often are new jobs added?

New jobs are constantly being added as our system checks company websites every day. We process thousands of jobs daily to ensure you have access to the most up-to-date remote job listings. Our algorithms scan over 20,000 different sources daily, adding jobs to the board the moment they appear.

Can I trust the job listings on Remote First Jobs?

Yes! We verify all job listings and companies to ensure they're legitimate. Our system automatically filters out spam, junk, and fake jobs to ensure you only see real remote opportunities.

Can I suggest companies to be added to your search?

Yes! We're always looking to expand our listings and appreciate suggestions from our community. If you know of companies offering remote positions that should be included in our search, please let us know. We actively work to increase our coverage of remote job opportunities.

How do I apply for jobs?

When you find a job you're interested in, simply click the 'Apply Now' button on the job listing. This will take you directly to the company's application page. We kindly ask you to mention that you found the position through Remote First Jobs when applying, as it helps us grow and improve our service 🙏

Apply