Job Application for GRC Analyst at Modernizing Medicine, Inc.

New

We are united in our mission to make a positive impact on healthcare. Join Us!

South Florida Business Journal, Best Places to Work 2024
Inc. 5000 Fastest-Growing Private Companies in America 2024
2024 Black Book Awards, ranked #1 EHR in 11 Specialties
2024 Spring Digital Health Awards, “Web-based Digital Health” category for EMA Health Records (Gold)
2024 Stevie American Business Award (Silver), New Product and Service: Health Technology Solution (Klara)

Who we are:

We Are Modernizing Medicine (WAMM)! We’re a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany.

ModMed is hiring a driven GRC Analyst (Governance, Risk, and Compliance) Analyst to support the development and implementation of GRC strategies within ModMed. This role will ensure that ModMed adheres to regulatory requirements, industry standards, and best practices for cybersecurity. The ideal candidate will have a strong understanding of GRC frameworks, experience in risk
assessment and management, and the ability to collaborate across various departments to enhance our security posture.

Your Role:

Governance

Develop and maintain cybersecurity policies, procedures, and standards.
Ensure alignment of cybersecurity practices with business objectives and regulatory requirements.
Assist in the creation and management of the cybersecurity governance framework.

Risk Management

Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks.
Develop and implement risk mitigation strategies and controls.
Monitor and report on risk management activities and the effectiveness of controls.

Compliance

Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2).
Conduct regular audits and assessments to ensure adherence to compliance requirements.
Collaborate with internal and external auditors during compliance reviews and audits.

Security Awareness & Training

Develop and deliver cybersecurity awareness training materials.
Promote a culture of cybersecurity awareness across the organization.
Monitor and report on the effectiveness of security awareness initiatives.

Reporting & Documentation

Prepare regular reports on GRC activities and metrics for senior security management.
Maintain comprehensive documentation of all GRC activities, policies, and procedures.
Ensure proper documentation of risk assessments, audit findings, and compliance activities.

Skills & Requirements:

Bachelor’s degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience.
Minimum of 3-5 years of experience in information security GRC, or related fields.
Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management.
Familiarity with healthcare industry regulations and standards is a plus.
Proficiency in PCI and security risk assessments methodologies and tools.
Excellent problem-solving skills.
Strong communication and interpersonal skills.
Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls).
Experience with GRC tools and technologies PCIP, ISA CISA Certification.

#LI-DV1

ModMed Benefits Highlight: At ModMed, we believe it’s important to offer a competitive benefits package designed to meet the diverse needs of our growing workforce. Eligible Modernizers can enroll in a wide range of benefits:

India

Meals & Snacks: Enjoy complimentary office lunches & dinners on select days and healthy snacks delivered to your desk,
Insurance Coverage: Comprehensive health, accidental, and life insurance plans, including coverage for family members, all at no cost to employees,
Allowances: Annual wellness allowance to support your well-being and productivity,
Earned, casual, and sick leaves to maintain a healthy work-life balance,
Bereavement leave for difficult times and extended medical leave options,
Paid parental leaves, including maternity, paternity, adoption, surrogacy, and abortion leave,
Celebration leave to make your special day even more memorable, and company-paid holidays to recharge and unwind.

United States

Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution,
401(k): ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep.
Generous Paid Time Off and Paid Parental Leave programs,
Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs,
Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed,
Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning,
Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles,
Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters.

PHISHING SCAM WARNING: ModMed is among several companies recently made aware of a phishing scam involving imposters posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote "interviews," and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from ModMed without a formal interview process, and valid communications from our hiring team will come from our employees with a ModMed email address (first.lastname@modmed.com). Please check senders’ email addresses carefully. Additionally, ModMed will not ask you to purchase equipment or supplies as part of your onboarding process. If you are receiving communications as described above, please report them to the FTC website.

First Name

Last Name

Phone

Location (City)

Resume/CV*

Accepted file types: pdf, doc, docx, txt, rtf

Cover Letter

Accepted file types: pdf, doc, docx, txt, rtf

School

Select...

Degree

Select...

Discipline

Select...

LinkedIn Profile

How did you hear about this job?

If you are currently employed in a medical practice setting, does your current employer utilize one of our products such as EMA®, gGastro®, or Klara in their medical practice?

Select...

What is the highest level of education you've achieved?

Select...

Do you have any relatives or close personal relationships who are currently employed and/or in consideration for employment by Modernizing Medicine or its affiliates, including Klara Technologies? *Relatives are defined as all family members: an employee’s parent, child, spouse, brother, sister, grandparent, domestic partner, aunt, uncle, niece, nephew, or cousin, including any step, half, in-law, or adoptive relationships within the preceding categories. **Close Personal Relationship includes members of the same household, even if the person is not a blood relative, and dating relationships, which is defined by the Company as any employee currently romantically involved in a consensual relationship with another employee.

Select...

If you answered "yes" to the previous question, please list their name(s) and relationship to you.

Have you entered into an agreement (such as a non-competition or non-solicitation agreement) with your current employer, or any former employer or other party, that might, in any way, restrict your ability to work for our company?

Select...

Are you legally authorized to work in the US?

Select...

Do you now, or will you in the future, require sponsorship to work in the U.S. (e.g., STEM OPT, H-1B)?

Select...

ACKNOWLEDGEMENT: The information that I am submitting in this application is true and correct. I understand that in the event of my employment by the Company, I shall be subject to dismissal if any information that I have given in this application is false or misleading or if I have failed to give any information herein requested, regardless of the time elapsed after discovery. I authorize the Company to inquire into my educational, professional and past employment history and references as needed to research my qualifications for this position. I hereby give my consent to any former employer to provide employment-related information about me to the Company and will hold the Company and my former employer harmless from any claim made on the basis that such information about me was provided or that any employment decision was made on the basis of such information. I further authorize the Company to obtain any credit and consumer check. I hereby grant the Company, a limited license and right to use, store and process all of the information and data that I have provided or posted in this application, including my resume and other documentation submitted ("Information"), and the right to sublicense this Information to third parties who may have access to this information and data for purposes of assisting the Company in its recruiting and hiring efforts and activities, and/or who host, operate or otherwise perform on the Company's recruiting websites, including this site. I hereby represent to the Company that any Information does not violate the privacy rights, publicity rights, copyrights, contract rights, intellectual property rights, or any other rights of any person. If I am a California resident, I hereby acknowledge and agree that I have received and had an opportunity to review the Privacy Notice for California Residents Seeking Employment with Modernizing Medicine, Inc., (available here: https://www.modmed.com/ccpa-privacy-notice/). I agree to indemnify, defend and hold the Company harmless from any third party claim, action, suit or proceeding arising out of or resulting from the Information. I understand that nothing in this employment application, the granting of an interview or my subsequent employment with the Company is intended to create an employment contract between myself and the Company under which my employment could be terminated only for cause. If employed, I will be required to provide original documents which verify my identity and right to work in the United States under the Immigration Reform and Control Act (IRCA) of 1986. The document(s) provided will be used for completion of Form I-9. *** BY TYPING MY FULL NAME BELOW, I hereby acknowledge that I have read and understand the above and I agree to the above terms in their entirety. **

Today's Date (use MM/DD/YYYY format)

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in Modernizing Medicine, Inc.’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Select...

Are you Hispanic/Latino?

Select...

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Select...

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

Select...

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

GRC Analyst

Apply for this job

Voluntary Self-Identification

Voluntary Self-Identification of Disability