Boston Medical Center (BMC) Logo

Boston Medical Center (BMC)

Senior Cybersecurity Analyst (GRC)

Reposted 3 Days Ago
Remote
Hiring Remotely in USA
90K-130K Annually
Senior level
Remote
Hiring Remotely in USA
90K-130K Annually
Senior level
Lead and mature the organization's GRC program by maintaining risk registers and control frameworks, driving compliance monitoring, coordinating third-party/vendor risk assessments, applying risk scoring and maturity tracking, managing GRC artifacts (Excel/SharePoint), translating findings for executives, and partnering with stakeholders to implement security policy and process improvements in a regulated healthcare environment.
The summary above was generated by AI

POSITION SUMMARY:

The Senior Cybersecurity Analyst (Governance, Risk, and Compliance) plays an important role in building and maturing Boston Medical Center Health System’s GRC program. This role will be key to developing and improving human-driven processes before enterprise tooling is in place, and will  make that work visible, auditable, and ready to scale.

Position: Senior Cybersecurity Analyst

Department: Information Security

Schedule: Full Time

ESSENTIAL RESPONSIBILITIES / DUTIES:

  • Lead execution of GRC program initiatives, contributing design input on processes, workflows, and work products as the program matures toward enterprise tooling adoption.

  • Maintain and operationalize risk registers, control frameworks, and maturity assessments aligned to NIST CSF 2.0, HIPAA/HITECH, and applicable federal and state security and privacy regulations.

  • Drive compliance monitoring activities and recommend updates to security policies, standards, and procedures that balance regulatory rigor with operational practicality.

  • Coordinate the third-party risk management process, including vendor risk assessments and ongoing vendor risk workflows.

  • Apply risk scoring methodologies to support framework maturity tracking and quantified risk metrics, incorporating business continuity and disaster recovery considerations.

  • Manage structured GRC work products in spreadsheet and document-based environments (e.g., Excel, SharePoint), keeping them accurate, accessible, and audit-ready on an ongoing basis.

  • Translate technical findings into clear, actionable written and verbal reporting for executive and non-technical audiences.

  • Partner with stakeholders across IT and non-IT business functions to advance new standards and workflows, influencing adoption without direct authority.

  • Prioritize multiple concurrent workstreams to deliver accurate results on schedule in a fast-paced, evolving environment.

(The above statements in this job description are intended to depict the general nature and level of work assigned to the employee(s) in this job. The above is not intended to represent an exhaustive list of accountable duties and responsibilities required)

JOB REQUIREMENTS

REQUIRED EDUCATION AND EXPERIENCE:

  • Bachelor's degree in Cybersecurity, Computer Science, Information Management, or a related field preferred

  • A minimum of six years of experience in information security or related discipline, with a strong focus on governance, risk, and compliance programs in complex or regulated environments.

  • Or equivalent combination of education and experience.

PREFERRED EDUCATION AND EXPERIENCE:

  • Demonstrated experience building or significantly maturing a GRC function, including the design of processes and workflows prior to enterprise tooling adoption.

CERTIFICATIONS, LICENSES, REGISTRATIONS PREFERRED:

  • Professional certifications such as CISA, CRISC, CISSP, or equivalent are highly desirable.

KNOWLEDGE, SKILLS & ABILITIES (KSAs):

  • Demonstrated experience in data mining, analysis and report development required.

  • Strong knowledge of information systems security concepts and current information security/privacy trends and practices.

  • Knowledge of Federal and State security and privacy-related regulatory requirements.

  • Excellent written and oral communication skills, interpersonal skills, and effective leadership skills to support privacy programs.

  • Must be able to prepare formal reports and presentations as needed.

  • Must be detailed oriented and possess the ability to prioritize tasks so work is completed in an accurate, timely manner.

  • Strong business and technical skills in the planning, administration, and management of information systems, operational and technical security controls; and security risk analysis and management.

  • Self-starter with the ability to work independently, prioritize, multi-task, and maintain flexibility in fast-paced, changing environment.

  • Ability to confront conflict and difficult issues in a professional, assertive, and proactive manner.

  • Ability to build strong working relationships at all levels, internal and/or external to the organization.

  • Knowledge about medical records and other medical information, patient privacy and confidentiality, and release of information. Academic medical center and/or health care consulting experience preferred.

Compensation Range:

$89,500.00- $130,000.00

This range offers an estimate based on the minimum job qualifications. However, our approach to determining base pay is comprehensive, and a broad range of factors is considered when making an offer. This includes education, experience, skills, and certifications/licensures as they directly relate to position requirements; as well as business/organizational needs, internal equity, and market-competitiveness. In addition, BMCHS offers generous total compensation that includes, but is not limited to, benefits (medical, dental, vision, pharmacy), discretionary annual bonuses and merit increases, Flexible Spending Accounts, 403(b) savings matches, paid time off, career advancement opportunities, and resources to support employee and family well-being. 

NOTE: This range is based on Boston-area data, and is subject to modification based on geographic location.

Equal Opportunity Employer/Disabled/Veterans

According to the FTC, there has been a rise in employment offer scams. Our current job openings are listed on our website and applications are received only through our website. We do not ask or require downloads of any applications, or “apps” job offers are not extended over text messages or social media platforms. We do not ask individuals to purchase equipment for or prior to employment. 

HQ

Boston Medical Center (BMC) Boston, Massachusetts, USA Office

One Boston Medical Center Place, Boston, MA, United States, 02118

Similar Jobs

18 Minutes Ago
Remote or Hybrid
93K-115K Annually
Mid level
93K-115K Annually
Mid level
Cloud • Real Estate • Software • PropTech
Lead strategic account management for commercial property clients: identify growth and upsell opportunities, ensure client retention and satisfaction, coordinate cross-functional teams, monitor KPIs and budgets, and drive revenue growth while managing escalations and project delivery.
53 Minutes Ago
In-Office or Remote
CA, USA
195K-343K Annually
Senior level
195K-343K Annually
Senior level
Blockchain • eCommerce • Fintech • Payments • Software • Financial Services • Cryptocurrency
Lead architecture and technical strategy for AI-driven product quality systems using LLMs and agents. Build scalable evaluation frameworks, detect regressions, generate insights, and drive cross-functional adoption while mentoring engineers and defining standards for trustworthy AI.
Top Skills: AgentsAi InfrastructureEvaluation SystemsLlmsRetrieval Architectures
54 Minutes Ago
In-Office or Remote
38K-223K Annually
Mid level
38K-223K Annually
Mid level
Blockchain • eCommerce • Fintech • Payments • Software • Financial Services • Cryptocurrency
Field-driven full-cycle sales role owning a territory: generate and qualify leads, run live demos, close deals across Squareproduct suite, build local partnerships and referrals, maintain CRM rigor, and consistently exceed quota through high-volume in-person activity and vertical expertise (restaurants, retail, services).
Top Skills: SalesforceSquare

What you need to know about the Boston Tech Scene

Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.

Key Facts About Boston Tech

  • Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
  • Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
  • Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
  • Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account