GRC Security Analyst

TriNetX, LLC. | Cambridge, MA
Hybrid

About The Position

TriNetX was founded on the idea that incorporating real-world data results in better clinical trial design, improves the site selection and patient recruitment process and generates real-world evidence (RWE) to advance the collective understanding of human health. TriNetX collaborates with the majority of industry leaders, including 13 of the top 15 pharmaceutical companies, and is powered by an impressive network of 170 healthcare organizations across 30 countries. As a result of its reach and rapidly expanding network, TriNetX has become the market leader in protocol design, feasibility, and site selection. Researchers have leveraged the TriNetX network to analyze over 39,000 protocols, presented over 10,000 clinical trial opportunities to its healthcare members, and reduced site identification time in clinical trials by 50%. Currently, TriNetX healthcare organization members contribute access to a patient population of 400 million, representing over 40 billion clinical observations.

TriNetX has a worldwide presence, with our global headquarters located in Cambridge, Massachusetts and EU offices in Ghent, Belgium; Freiburg, Germany; and Basel, Switzerland – as well as offices in London, Madrid, Melbourne, Sao Paulo, Singapore, Tokyo, and Healdsburg, California. As a result, TriNetX is one of the fastest-growing, privately held companies in the life sciences industry.

The Information Security Team is looking for a detail-oriented candidate to join as a GRC Security Analyst to continue the success of our fast-paced active team. In this position, the GRC Security Analyst will support the security direction of the business and elevate the company’s security posture. The GRC Security Analyst is expected to support the security strategy of the business as it evolves.

Requirements

  • 3-5 years related experience, preferably in highly regulated environments.
  • Understanding of cloud environments such as Amazon Web Services (AWS).
  • Prior experience with GRC systems from vendors such as TrustCloud.
  • Demonstrated problem-solving capabilities, and ability to understand complex local and international security requirements.
  • Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
  • Stays current in laws and regulations as well as related risk categories.
  • Holds or is working toward one or more of the following: CISSP, CRISC, CISM, or CISA.
  • Experience with and understanding of various requirements and frameworks; examples include NIST, HIPAA, GDPR, or ISO 27001.
  • As a condition of employment, the individual must provide proof of COVID-19 vaccination unless a medical or religious exemption is granted by TriNetX.

Responsibilities

  • Continue implementation of additional modules and integration of the GRC-related platform, TrustCloud.
  • Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Act as point person with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
  • Analyze findings, and document, recommend and report program.
  • Oversee and direct our Vendor Management Program.
  • Respond to security assessments, assisting in customer facing security content.
  • Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
  • Apply GRC expertise across key lines of business, including products, practices and procedures.
  • Define or aid in definition of qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
  • Perform other duties as assigned.