Compliance Associate

How you’ll make an impact:
The Governance, Risk, and Compliance (GRC) Associate will operate with a high degree of autonomy within Strata’s Information Technology team, proactively engaging in aspects of governance, risk, and compliance. This self-driven role collaborates across departments to ensure that Strata meets industry regulations, client requirements, and best practices. As a subject matter expert, the Senior GRC Associate is well-versed in certifications and regulatory standards such as state privacy laws, HIPAA, ISO 27001, ISO 22301, and SOC. 

GRC Program Activities 

• Drive the maturation of a best-in-class cybersecurity compliance assurance program, focusing on continuous monitoring of controls, timely identification and remediation of control gaps, and implementing efficiencies that enhance compliance efforts across various products. 
• Lead the annual recertification process for Strata’s HITRUST certification. Validate scope is still relevant and develop the roadmap of how new services and functionality will be incorporated into the certification scope.  
• Participate in the assessments and improvements of our control framework, ensuring alignment with established security frameworks such as ISO 27001, SOC 2, and HITRUST.  
• Ensure all program policies, procedures, and documentation are reviewed for accuracy and relevance by key stakeholders and update these documents as new regulations and requirements are made available.  

GRC Operations 

• Work closely with members of business development and IT leadership, complete third-party risk management assessments under the request of Strata’s customers.  
• Complete necessary third-party vendor risk management activities based on Strata standards and best practices.  
• Conduct internal audits to verify that internal controls are functioning as intended and effectively mitigate risk. 
• Engage in Disaster Recovery, Business Continuity, and Security Event exercises to assess and refine policies and processes in response to disruptions. 
• Recognize challenges in the audit process, propose solutions, and collaborate to implement approved enhancements. 

What we’re looking for: 

• Minimum 4-5+ years of experience with a concentration in IT Governance, Risk, and Compliance  
• Experience achieving and maintaining HITRUST certification 
• Experience with SOC Controls 
• Excellent communication skills including the ability to communicate technical issues to users with little technical background/expertise  
• Self-motivated, proactive and able to manage multiple priorities 
• Mastered knowledge in: 
  • Microsoft office suite 
  • Technical writing 
  • Internal/External auditing  
• Preferred qualifications: CCSFP, CRISC, CISA 

Estimated Salary Range: $75,000 - $95,000

Actual salary will be determined based on factors including, but not limited to, skill set and level of experience. This salary range is a good faith estimate of base pay. Strata also provides discretionary variable pay programs based on role. In addition, Strata provides a comprehensive benefits package including retirement benefits, health and welfare benefits, paid time off, parental leave, life and accident insurance, and other voluntary and well-being benefits.