GRC Analyst

Job Description

You + Helix

Helix is a place where innovators and doers gather in order to drive significant progress in population genomics. We have come together to work at the intersection of clinical care, research, and genomics.

If you’re excited by the idea of making a meaningful impact and joining a team where we pride ourselves on driving innovation through fostering an environment with an emphasis on empowering one another to grow, Helix might be the place for you!

Helix + The World

Helix is the leading population genomics and viral surveillance company. Helix enables health systems, public health organizations and life science companies to accelerate the integration of genomic data into patient care and public health decision making.

We are continuing to scale our world-class team to support our dedication to empowering every person to improve their life through DNA.

What is special about this role?

Helix is looking to add a new Security Analyst (GRC) to their Security team that will take on ownership of the GRC and third party vendor assessment program. In addition, the analyst will assist with various cyber GRC areas including client due diligence, security awareness, regulatory response, audit remediations, security controls strategy, and other ad-hoc projects.

As a GRC Analyst, you will:

• Documentation review; drafting of policy, procedures and standards, certification and accreditation documents
• Monitor compliance for regulatory requirements such as HIPAA, SOC2 Type II, NIST 800-53, including any new regulatory initiatives applicable to the business (e.g. GDPR)
• Perform InfoSec risk and control assessments and report on risks and recommend mitigation strategies
• Coordinates internal/external audit efforts and prepares responses for audit reporting.
• Document and monitor InfoSec remediation and control improvements.
• Build awareness and accountability around IT governance, risk, and compliance control functions
• Articulate InfoSec risk into business terms while engaging with stakeholders
• Serve as liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)
• Participate in the supplier risk management process to identify and mitigate the risk of third-party relationships
• Manage various projects, including effective project tracking, issue handling, and follow up
• Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with position
• Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
• Define and deliver appropriate GRC metrics, analytics, and scorecards
• Organize and leads GRC related meetings and prepare meeting agendas and minutes
• Be team-oriented and promote execution and change through influence

About you:

• Bachelor’s degree in business, accounting, finance, computer science, information systems, engineering, or a related field required.
• At least four (4) years of specific experience with methodologies, activities, tools and enablers in a technology related industry that track to the roles and responsibilities listed.
• Possess industry-specific knowledge regarding security related regulations and controls, such as SOC2 Type II, Data Privacy, ISO 27001, FedRamp, and NIST 800, as well as technical approach and best practice advice for practitioners
• Excellent written and verbal communication skills.
• Strong analytical and problem-solving skills.
• Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.
• Ability to and prioritize tasks.
• Ability to work well with people from many different disciplines with varying degrees of technical experience.
• Ability to adapt to a dynamic, rapidly changing business and technical environment.
• Ability to exercise good professional judgment.
• Ability to maintain confidentiality.
• Ability to develop security standards and guidelines based on best practices and industry standards
• Infosec related training or certifications such as CISSP CISA, CRISC, CISM, ISC2 or GIAC
• Experience performing information security audits or risk assessments
• Experience with security auditing processes
• Experience with GRC automation software (Hyperproof), or other compliance and workflow tools.

What’s important to us:

• Curiosity — we are all passionate about the possibilities enabled by having access to your own genome
• Responsibility — we have an obligation to people and our partners to operate with highly credible research guided by well respected advisors, with clear and effective communication about our products
• Agility — flexibility and a desire to be nimble, smart, and effective are important to the Helix culture
• Follow-through — we’re building a diverse team with amazing track records of achievement in multidisciplinary environments

What Helix has to offer you:

Aside from working alongside brilliant, dedicated, passionate, down-to-earth, curious, warm, and thoughtful people, we also provide great benefits:

• Competitive compensation, Comprehensive Health insurance package including employer sponsored HSA
• 12 weeks of Maternity or Paternity leave
• 401(k) with employer matching and 100% vested on first day
• Comprehensive Well Being benefits
• Flexible PTO

Helix is proud to be an equal opportunity employer, and committed to providing employment opportunities regardless of race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, pregnancy, childbirth and breastfeeding, age, sexual orientation, military or veteran status, or any other protected classification, in accordance with applicable federal, state, and local laws.