GRC Analyst at Rally Health
Join Rally Health's Security Team as a GRC Analyst, with a primary focus on Risk Management. You will work with systems and asset owners to help identify and catalog high clause assets; assess threats and vulnerabilities to identify risk; promote risk treatment activities; verify and validate the effectiveness of risk responses; and assist with third-party risk management. As part of the Governance, Risk, and Compliance team, you will report to the Director, GRC, and work with teams across the organization. We are a diverse team of Security Analysts and Engineers who work together towards our mission. We recognize that people come from a diverse set of backgrounds and skills and we welcome all to apply.You Will:
- Work with Rally teams to identify and maintain a list of high-value assets, threats, and current risk posture
- Document and maintain processes across the enterprise to reduce security risk; work with partners across the organization to design and mature security controls to support the mitigation of risks
- Conduct ad hoc risk assessments on topics as determined by risk assessments, or in response to management requests
- Produce periodic views/ reports of security risk to inform executives of the health of the program and of the entity's risk position
- Help with multiple GRC projects and responsibilities
- 4+ years experience working in the Security Governance, Risk, and Compliance field; or equivalent work experience
- Experience managing security risks, designing controls, and performing security risk assessments using established industry frameworks (HIPAA, SOC2, HITRUST, NIST, and ISO)
- Understanding of threats, vulnerabilities, risks, and controls in a cloud-based engineering environment
- Please note that hiring for this position will only be considered in the following states: AZ, CA, DC, FL, IL, MD, MN, NC, NJ, NV, NY, OR, PA, TN, TX, VA, or WA
Rally Health® is about putting health in the hands of the individual by empowering people to take charge of their health and health care with our online and mobile tools. We know that a diverse workforce enriches us with the talent, perspective, and inspiration we need to achieve our mission. Rally knows that we are strongest when our teams reflect the diversity of the world around us and create a sense of belonging.
Since 2017, Rally has been a non-integrated entity of Optum, a part of UnitedHealth Group. In the next stage of our evolution, Rally will elevate into a new organization within Optum known as Optum Digital. With these changes, set to be complete by the end of September 2021, we will bring together teams and resources to ultimately better deliver our digital products and services to consumers.Our Benefits:
- Great compensation package
- Comprehensive benefits package for full-time employees, including medical, dental, vision coverage, stock purchase plan, and 401(k)
- Wellness programs, including physical and mental health services
- Flexible paid time off for full-time employees & paid leave for new parents
- Employees in this position may also earn performance-based bonuses
Rally Health believes in a policy of equal employment and opportunity for all people. It is our policy to train and promote individuals in all job titles, and administer all programs, without regard to race, color, religion, national origin or ancestry, citizenship, sex, age, marital status, pregnancy, childbirth or related medical conditions, personal appearance, sexual orientation, gender identity or expression, family responsibilities, genetic information, disability, matriculation, political affiliation, veteran status, union affiliation, or any other category protected by applicable federal, state or local laws.
Individuals with disabilities and veterans are encouraged to apply. Applicants who require an accommodation related to the application or review process should notify Talent Acquisition ([email protected]).
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.