Governance, Risk & Compliance, Senior Associate

Posted:
12/17/2024, 9:28:00 AM

Location(s):
Chicago, Illinois, United States ⋅ Illinois, United States

Experience Level(s):
Senior

Field(s):
Legal & Compliance

Workplace Type:
Hybrid

How you’ll make an impact:
The Senior Governance, Risk, and Compliance (GRC) Associate will operate with a high degree of autonomy within Strata’s Information Technology team, proactively engaging in aspects of governance, risk, and compliance. This self-driven role collaborates across departments to ensure that Strata meets industry regulations, client requirements, and best practices. As a subject matter expert, the Senior GRC Associate is well-versed in certifications and regulatory standards such as state privacy laws, HIPAA, ISO 27001, ISO 22301, and SOC. 

GRC Program Activities 

  • Drive the maturation of a best-in-class cybersecurity compliance assurance program, focusing on continuous monitoring of controls, timely identification and remediation of control gaps, and implementing efficiencies that enhance compliance efforts across various products. 
  • Lead the annual recertification process for Strata’s HITRUST certification. Validate scope is still relevant and develop the roadmap of how new services and functionality will be incorporated into the certification scope.  
  • Participate in the assessments and improvements of our control framework, ensuring alignment with established security frameworks such as ISO 27001, SOC 2, and HITRUST.  
  • Ensure all program policies, procedures, and documentation are reviewed for accuracy and relevance by key stakeholders and update these documents as new regulations and requirements are made available.  

GRC Operations 

  • Work closely with members of business development and IT leadership, complete third-party risk management assessments under the request of Strata’s customers.  
  • Complete necessary third-party vendor risk management activities based on Strata standards and best practices.  
  • Conduct internal audits to verify that internal controls are functioning as intended and effectively mitigate risk. 
  • Engage in Disaster Recovery, Business Continuity, and Security Event exercises to assess and refine policies and processes in response to disruptions. 
  • Recognize challenges in the audit process, propose solutions, and collaborate to implement approved enhancements. 

What we’re looking for: 

  • Minimum 5+ years of experience with a concentration in IT Governance, Risk, and Compliance  
  • Experience achieving and maintaining HITRUST certification 
  • Experience with SOC Controls 
  • Excellent communication skills including the ability to communicate technical issues to users with little technical background/expertise  
  • Self-motivated, proactive and able to manage multiple priorities 
  • Mastered knowledge in: 
    • Microsoft office suite 
    • Technical writing 
    • Internal/External auditing  
  • Preferred qualifications: CCSFP, CRISC, CISA 

How we work:
The preferred location for this role is in Chicago, IL or St. Louis, MO. We value our people spending time together and have campuses hosting in-person events located in both cities. We are truly a hybrid environment with all team members experiencing the flexibility to work from home. 

Thinking about applying?  
Research shows that women and underrepresented groups tend to apply to jobs only when they check every box on a job posting. If you’re currently reading this and hesitating to click “Apply” for that reason, we encourage you to go for it! A true passion and excitement for making an impact is just as important as work experience.

Should you require a reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please reach out to [email protected]. 

Here @ Strata… 
Our culture is driven by our people solving problems together. We embrace learning, collaboration, and continuous career growth. Together, we lift our customers, our products, our company, and our community.  

We believe that each of our team member’s unique perspectives and experiences is what drives innovation and positive change. Our individual differences are what make us a more forward-thinking organization. We foster a culture of inclusion, equity and belonging, regardless of race, religion, disability, sex, sexual orientation, gender identity or national origin.  

Our Core Values:
While we celebrate what makes each member of our team unique, our core values are what connect us. They set clear expectations for how we approach our work and how each of us can positively influence the experience of our team and our customers.

  • We connect with positive intent.
  • We are helpful.
  • We own it.
  • We get better every day.
  • We are humble.

Strata is committed to fair and equitable compensation practices. Full-time roles are eligible for an annual bonus based on both individual and company performance. Find out more about Strata benefits here.  

Strata Decision Technology

Website: https://www.stratadecision.com/

Headquarter Location: Chicago, Illinois, United States

Employee Count: 251-500

Year Founded: 1996

IPO Status: Private

Industries: Accounting ⋅ Advice ⋅ Analytics ⋅ Business Intelligence ⋅ Finance ⋅ Financial Services ⋅ Hospital ⋅ SaaS ⋅ Software