Senior GRC Analyst

** Join the Team Modernizing Medicine
**** A Culture of Excellence
** When you join Mod Med, you’re joining an award-winning team recognized for innovation and employee satisfaction.
From our global headquarters in Boca Raton Florida, and extensive employee base in Hyderabad India, we are a team of 4,500+ passionate problem-solvers on a mission to increase medical practice success and improve patient outcomes:
* ** Consistently ranked as a Top Place to Work**
* ** 2025 Globee Business Awards:
** Gold Globee for “Technology Team of the Year”
* ** 2025 Black Book Awards:
** Ranked #1 EHR in 11 Specialties
* ** Florida Venture Forum:
** Venture-Backed Company of the Year We are growing fast, thinking big, and we are just getting started.
** Job Description

Summary:

** The Senior GRC Analyst is responsible for leading and maturing key components of Mod Med’s Governance, Risk, and Compliance program. This role partners closely with security, technology, legal, compliance, and business stakeholders to proactively identify, assess, and mitigate risk while ensuring ongoing compliance with regulatory and industry standards. The incumbent operates as a trusted advisor, driving continuous improvement of GRC processes, frameworks, and controls across the enterprise.

The Senior GRC Analyst is responsible for designing, enhancing, and scaling GRC processes, including enterprise risk assessments, third-party risk management, audit readiness, and security awareness programs. This role contributes directly to improving program maturity, efficiency, and sustainability across Mod Med.
** What you'll do:
*** Lead the development, implementation, and ongoing maintenance of enterprise cybersecurity policies, standards, and procedures.
* Own and evolve components of the cybersecurity governance framework, ensuring alignment with business strategy, risk appetite, and regulatory obligations.
* Serve as a subject matter expert on GRC frameworks and best practices, advising leadership on governance decisions and tradeoffs.
* Partner cross-functionally to embed governance requirements into operational and technology processes.
* Lead and independently execute enterprise and third-party risk assessments, including methodology refinement and scoping decisions
* Evaluate complex risk scenarios, identify control gaps, and recommend prioritized, risk-based mitigation strategies.
* Monitor risk remediation efforts, challenge effectiveness of controls, and escalate material risks as appropriate.
* Contribute to the ongoing maturation of the enterprise risk management and third-party risk management programs.
* Own and lead compliance activities for major regulatory and industry frameworks (PCI, HIPAA, SOC 2, CIS Controls, NIST CSF).
* Act as a primary point of contact for internal and external auditors, independently managing audit readiness, execution, and remediation efforts.
* Interpret evolving regulatory requirements and translate them into actionable controls and processes for the business.
* Drive continuous improvement of compliance processes, reducing audit friction and improving control sustainability.
* Design and continuously improve security awareness and training initiatives based on risk trends and audit findings.
* Advise business partners and leadership on risk-conscious decision-making and secure-by-design practices.
* Measure and report on program effectiveness and adoption.
* Develop and present executive-level reporting on GRC metrics, risk posture, audit outcomes, and program maturity.
* Ensure comprehensive, defensible documentation for audits, risk assessments, and governance decisions.
* Provide insights and recommendations to senior security leadership based on data and trend analysis.
** What you'll bring:
*** Bachelor’s degree in Information Security, Cybersecurity, Information Technology or equivalent education and experience.
* Minimum of 7 years of experience in information security GRC, or related fields.
* Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management, and security awareness.
* Proficiency in PCI and security risk assessments methodologies and tools.
* Excellent…