Nuance is the pioneer and leader in conversational artificial intelligence (AI) innovations that bring intelligence to everyday work and life. We deliver solutions that understand, analyze, and respond to people, amplifying human intelligence to increase productivity and improve security. With decades of both domain and AI expertise, we work with thousands of organizations across a wide range of industries.
Check out our team Life at Nuance!
Join our team! At Nuance, we are constantly reinventing how people connect with technology and with each other. Our AI-powered solutions empower organizations to transform “business as usual.” For decades, the world’s leading financial, healthcare, telecommunications, retailers, and government organizations have trusted Nuance to bring them award-winning solutions that deliver more meaningful outcomes and empower a smarter, more connected world. From clinical speech recognition technologies that free physicians to spend more time caring for patients to real-time intelligence that powers billions of customer interactions, we’re deeply committed to helping organizations push the boundaries of what’s possible.
The Senior Security GRC Analyst is a highly respected, influential and in-demand role within the business. The position is responsible for the HIPAA Security program and supporting security assessment programs. This role is a key contributor in supporting the security direction of the business and elevating the company’s security posture to ensure compliance with the HIPAA Security Rule. This role is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements, to ensure security controls are appropriately evaluated.
The ideal candidate has a strong understanding of security domains and possesses at least three years of experience in security, compliance or risk management. Communication is critical for this role, as this individual will be working with cross-functional teams from various areas of the business, both technical and non-technical, as well as executive leadership. A strong understanding of industry best practice security frameworks, such as CIS, ISO, and NIST and regulations, such as GDPR, HIPAA, and PCI are critical to the success of this role.
- Security HIPAA program lead responsible for security control assessment activities, including: planning; coordination; assessing; risk identification and recommendations; and reporting activities.
- Nuance GRC team member responsible for supporting CISO in executive reporting for HIPAA Security program metrics.
- Maintain oversight of HIPAA Security program data in a GRC-related platform, including program enhancements.
- Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Define qualitative and quantitative metrics to assess the success of the HIPAA Security program and provide regular reports to security and business leadership.
- Perform other duties as assigned.
Education and Qualifications
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
- Holds or is working toward one or more of the following: CISA, CISSP, CISM, or related certifications
Skills and Experience
- At least 3+ years’ experience in security control assessment or audit activities with exposure to various security frameworks.
- Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
- Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, HIPAA, and GDPR. Additional experience in one or more of the following: ISO 27001/2, HITRUST or NIST.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Capacity to understand legacy and progressive technology and security controls along with respective risk. Working knowledge of technologies such as cloud computing, DevOps and application security is required.
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
- Preferred experience with cloud environments such as Microsoft Azure.
- Prior experience with using GRC systems from vendors such as RSA or ServiceNow.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
- Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
Nuance offers a compelling and rewarding work environment. We offer market competitive salaries, bonus, equity, benefits, meaningful growth and development opportunities and a casual yet technically challenging work environment. Join our dynamic, entrepreneurial team and become part of our continuing success.
Nuance celebrates diversity and is proud to be an equal employment opportunity and affirmative action workplace. We consider all qualified applicants without regard to race, color, religion, sex (including pregnancy), sexual orientation, gender identity or expression, national origin, military and veteran status, disability, genetics, or any other category protected by law or Nuance policy. If you need an accommodation because of a disability for any part of the employment process, please call 781-565-5086 and let us know.