Senior GRC Officer

Customer Support | Boston, US

About the position

Healthy.io is the first company to successfully turn the smartphone camera into a clinical-grade medical device, enabling faster treatment and improved care for patients worldwide. Our products combine computer vision and machine learning technology with best-in-class UX design to create new clinical pathways through smartphone-powered urinalysis, digitized wound management, and beyond.

Headquartered in Tel Aviv with 240 employees across London, Boston, and Singapore, we are growing fast as we serve more and more patients across ever-expanding areas of healthcare.

Being in the field of digital healthcare, we have no choice but to maintain very high security standards. From cybersecurity and information security to compliance and, above all, keeping private data private, we demand high standards of security from ourselves and from our partners.

We’re looking for a Senior GRC Officer to oversee our US site activities, join our global team, and participate in all aspects of cybersecurity and compliance. We’re looking for a brilliant leader, experienced in compliance frameworks operating with modern systems.

You’ll work closely with the entire team and report directly to the company's Information Security Director.

We are looking for someone well-organized and highly motivated, who can simultaneously balance a process-oriented approach with a tech-oriented outlook. We’re looking for a team player who can create an immediate impact within our dynamic and growing team.

Our company is no stranger to formal compliance frameworks and standards. We know how to work in a regulatory framework while maintaining a very agile and super technological workflow.

Requirements
  • Minimum 5 years of professional experience, including 3+ years in Audit, IT Audit, Cloud Audit, risk management, IT security and/or similar compliance functions.
  • Bachelor's Degree or equivalent in Business, Computer Science or a related field.
  • Demonstrated capability to learn and adapt to new situations and requirements.
  • Experience working across business units and geographical boundaries to engage team members is required.
  • Strong knowledge of security and control standards and frameworks such as HIPAA, HITRUST, NIST CSF & 800-53, ISO 27001, SOC, and PCI, including their use and assessment.
  • Understanding of IT systems security concepts, trends and practices.
  • Experience handling security conversations and concerns from Healthcare customers.
  • Experience with IT Security Assessments.
  • Project management skills.
  • Experience working in a Cloud and SaaS environment.
  • Ability to operate in a very dynamic and high-productivity environment.
  • Self-motivated, results-driven individual requiring minimal oversight who can work to accomplish goals in a collaborative environment.
  • Relevant Security and/or Risk certifications such as CISM/CISSP/CISA/CRISC, etc.
  • Excellent written and verbal communication skills.
  • Strong analytical and problem-solving skills.

Role & Responsibilities
  • Support local, regional, and global Governance, Risk and Compliance initiatives and activities.
  • Develop, maintain and publish up-to-date security and compliance policies, standards and guidelines, and oversee training and dissemination of policies and procedures.
  • Provide support for assessment of policy / standards compliance and exceptions, report status and document advice for corrective actions.
  • Track timely closure of identified control gaps and risk mitigation plans and actively support action owners during issue remediation.
  • Collaborate with various stakeholders to assist with compliance assessment and building requirements.
  • Participate in HIPAA, ISO 27001, HITRUST compliance assessment, evidence collection, and reporting.
  • Assist in the deployment of various Governance, Risk and Compliance tools.
  • Apply the risk-based process for vendor management, including assessment and treatment for risks that may result from partners, consultants and other service providers.
  • Assess operational risks and perform tactical risk assessments within the organization.
  • Monitor and maintain the Risk Register and provide data for metrics. Escalate outstanding issues and risk mapping.
  • Assist with Incident Response and Business Continuity, including running tabletop exercises and live testing.
  • Respond to security and compliance queries from customers or partners.
  • Ensure compliance with various regulations.
  • Other GRC related duties as needed.


You will love this job if:

  • You believe in the integration of Governance, Risk and Compliance activities that can empower a company to provide a compliant business model, manage significant risks to the business' goals and objectives, and provide accurate information to empower better decision making.
  • You are a strong critical thinker and enjoy working on challenging problems.
  • You enjoy partnering and communicating with a range of business professionals.
  • You have the ability to work effectively across multiple teams and can organize priorities.


or send your CV to [email protected]