Senior Security Risk Analyst #3496
Menlo Park, CA, USA
Posted on Thursday, February 8, 2024
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit www.grail.com.
GRAIL is seeking a dynamic Security Risk Analyst to join our Security Governance, Risk and Compliance (GRC) Team. The Security Risk Analyst will support the Security GRC Team in maturing GRAIL’s GRC function by defining security guardrails and countermeasures to protect GRAIL’s assets, customers, and business partners.
In this role you are pivotal in driving continuous improvement efforts for GRAIL’s information security risk management process, in addition to the end-to-end operations of the risk management life cycle.
GRAIL's headquarters are located in Menlo Park, CA and this role is a hybrid role with 2 days onsite.
- Lead and drive comprehensive information security risk assessments including identification, assessment and measurement across different systems/processes, assets and third parties
- Partner with cross-functional teams including (but not limited to) Engineering, IT, People, Finance, Quality to identify appropriate security controls to implement, and define risk mitigation strategies
- Collaborate with business owners to ensure that onboarded third party solutions are properly assessed for security risks, and that adequate security controls are in place
- Document, track and evaluate the effectiveness of risk mitigation efforts performed by cross-functional teams
- Identify security controls that will be implemented for risk mitigation (this includes controls from ISO 27001, PCI, HIPAA and/or SOC 2)
- Develop, update and maintain policy and procedure documentations on a specified cadence or as needed
- Serve as a subject matter expert for the Risk Management program, and support relevant audit requests during external audits
- Lead efforts in configuring and maintaining a comprehensive Information Security Risk Register using GRAIL’s GRC platform
- Build and maintain metrics to help cultivate awareness of organizational information security risks
- Communicate risk assessment results and risk mitigation status to the leadership team
- Perform other relevant tasks as assigned
- Bachelor’s degree in an Information Systems, Engineering, or related technical discipline
- 3+ years proven experience in risk assessment, preferably in the healthcare/Biotech domain
- Demonstrated experience in Information Security reviews and/or risk assessments
- Deep understanding of risk assessment methodologies and frameworks such as NIST RMF / NIST 800-53
- Knowledgeable in security frameworks and standards including, but not limited to, ISO 27001, PCI DSS, HIPAA and SOC 2
- Skilled in analyzing and interpreting security data/architecture for risk evaluation
- Ability to communicate effectively between technical and non-technical stakeholders, across different levels of the organization
- Strong analytical, and organizational skills for prioritization and decision-making
- Ability to learn new tools and technologies quickly
- Technical understanding of cloud-based security in an AWS environment preferred
The estimated, full-time, annual base pay scale for this position is $130,000 - $160,000. Actual base pay will consider skills, experience, and location.
Based on the role, colleagues may be eligible to participate in an annual bonus plan tied to company and individual performance, or an incentive plan. We also offer a long-term incentive plan to align company and colleague success over time.
In addition, GRAIL offers a progressive benefit package, including flexible time-off, a 401k with a company match, and alongside our medical, dental, vision plans, carefully selected mindfulness offerings.
GRAIL is an Equal Employment Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation. GRAIL maintains a drug-free workplace.