Senior Manager, GRC

We are united in our mission to make a positive impact on healthcare. Join Us! 

• South Florida Business Journal, Best Places to Work 2024
• Inc. 5000 Fastest-Growing Private Companies in America 2024
• 2024 Black Book Awards, ranked #1 EHR in 11 Specialties
• 2024 Spring Digital Health Awards, “Web-based Digital Health” category for EMA Health Records (Gold)
• 2024 Stevie American Business Award (Silver), New Product and Service: Health Technology Solution (Klara)

Who we are:

We Are Modernizing Medicine (WAMM)! We’re a team of bright, passionate, and positive problem-solvers on a mission to place doctors and patients at the center of care through an intelligent, specialty-specific cloud platform. Our vision is a world where the software we build increases medical practice success and improves patient outcomes. Founded in 2010 by Daniel Cane and Dr. Michael Sherling, we have grown to over 3400 combined direct and contingent team members serving eleven specialties, and we are just getting started! ModMed's global headquarters is based in Boca Raton, FL, with a growing office in Hyderabad, India, and a robust remote workforce across the US, Chile, and Germany.

ModMed is seeking a Senior Manager of Information Security who will be responsible for human resource management of IT Controls & Compliance Specialists, as well as coordination and maintenance of the IT controls framework, and planning audit and assessment timelines and activities throughout each year. Additionally, this role will be responsible for the oversight and/or execution of the enterprise information security risk management program. The ideal candidate will be expected to manage and collaborate with subordinates, providing and/or clarifying technical approaches, and assisting in the overall completion of risk analysis and reporting tasks. The Manager of Information Security will have specific subject matter experience and expertise in internal IT controls frameworks, audit management, and technical security risk management. The successful candidate will have a passion for people, attention to detail, process maturation, and the drive to accomplish their goals. 

Your Role:

• Ensure the effective administration of established IT internal controls and control activities, while continuously refining and maturing them to meet dynamic business needs.
• Leverage, develop, and dispatch team members to ensure control activities are designed to achieve and evidence control objectives with the least required investment of time from control performers.
• Gather artifacts as appropriate to evidence the completion of IT control activities, including an inventory of networks and information systems under the business's control.
• Recommend changes, optimizations, and enhancements as appropriate to the use and configuration of the Governance Risk & Compliance (GRC) tool.
• Provide guidance on requirements necessary to maintain or achieve compliance with policies, regulations, or standards critical to the business.
• Maintain a repository of document artifacts sufficient to evidence diligent completion of controls and/or close oversight of the IT controls framework.
• Facilitate a regular IT management attestation of controls' fidelity to include time-based commitments to correct deficiencies.
• Serve as the primary point of contact with external auditors and assessors to facilitate the collection of audit artifacts and the scheduling of interviews and observations.
• Oversee and guide the cadence of system security risk analysis of key systems.
• Deploy team member skill sets suited to the requirements to recommend, implement, and deliver risk tracking and reporting for internal management action and executive and board-level reporting.

Skills & Requirements:

• Bachelor’s Degree or Equivalent Experience Information Systems Management, Information Security/Risk Management, or equivalent work experience
• 7+ years of experience managing audit, risk management, or IT personnel
• Proficiency with the following frameworks, standards, and regulations: NIST CSF, CIS v8.1 control framework, PCI DSS 4.0.1, SOC2, and HIPAA. 

#LI-DV1

ModMed Benefits Highlight:  At ModMed, we believe it’s important to offer a competitive benefits package designed to meet the diverse needs of our growing workforce. Eligible Modernizers can enroll in a wide range of benefits:

India

• Meals & Snacks: Enjoy complimentary office lunches & dinners on select days and healthy snacks delivered to your desk,
• Insurance Coverage: Comprehensive health, accidental, and life insurance plans, including coverage for family members, all at no cost to employees,
• Allowances: Annual wellness allowance to support your well-being and productivity,
• Earned, casual, and sick leaves to maintain a healthy work-life balance,
• Bereavement leave for difficult times and extended medical leave options,
• Paid parental leaves, including maternity, paternity, adoption, surrogacy, and abortion leave,
• Celebration leave to make your special day even more memorable, and company-paid holidays to recharge and unwind.

United States

• Comprehensive medical, dental, and vision benefits, including a company Health Savings Account contribution,
• 401(k):  ModMed provides a matching contribution each payday of 50% of your contribution deferred on up to 6% of your compensation. After one year of employment with ModMed, 100% of any matching contribution you receive is yours to keep.
• Generous Paid Time Off and Paid Parental Leave programs,
• Company paid Life and Disability benefits, Flexible Spending Account, and Employee Assistance Programs,
• Company-sponsored Business Resource & Special Interest Groups that provide engaged and supportive communities within ModMed,
• Professional development opportunities, including tuition reimbursement programs and unlimited access to LinkedIn Learning,
• Global presence and in-person collaboration opportunities; dog-friendly HQ (US), Hybrid office-based roles and remote availability for some roles,
• Weekly catered breakfast and lunch, treadmill workstations, Zen, and wellness rooms within our BRIC headquarters.

PHISHING SCAM WARNING: ModMed is among several companies recently made aware of a phishing scam involving imposters posing as hiring managers recruiting via email, text and social media. The imposters are creating misleading email accounts, conducting remote "interviews," and making fake job offers in order to collect personal and financial information from unsuspecting individuals. Please be aware that no job offers will be made from ModMed without a formal interview process, and valid communications from our hiring team will come from our employees with a ModMed email address (first.lastname@modmed.com). Please check senders’ email addresses carefully.  Additionally, ModMed will not ask you to purchase equipment or supplies as part of your onboarding process. If you are receiving communications as described above, please report them to the FTC website.