GRC Support Analyst

About RadNet

Artificial Intelligence; Advanced Technology; The very best in patient care. With decades of expertise, RadNet is Leading Radiology Forward. With dynamic cross-training and advancement opportunities in a team-focused environment, the core of RadNet’s success is its people with the commitment to a better healthcare experience. When you join RadNet as a GRC Support Analyst, you will be joining a dedicated team of professionals who deliver quality, value, and access in the 21st century and align all stakeholders- patients, providers, payors, and regulators to achieve the best clinical outcomes.

Your Role as a GRC Support Analyst

As a GRC Support Analyst, you will play a crucial role in maintaining RadNet's robust IT governance, risk, and compliance posture across various critical functions.

Governance and Policy Management

• Support the evaluation of IT systems, processes, and policies against regulatory requirements and industry standards.
• Stay informed on evolving regulations, industry standards, and best practice in IT compliance.
• Help develop, update, and maintain IT policies, procedures, and guidelines in alignment with industry standards, compliance frameworks, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST, HIPAA, GDPR, SOX).
• Support internal stakeholders in understanding and implementing compliance requirements.
• Work with IT Cyber and Security teams, Compliance, Legal, Internal Audit, and External Auditors, as well as act as a member of RadNet’s IS Policies and Procedures Committee.

Risk Management And Compliance

• Work closely with key stakeholders to conduct business impact assessments across multiple areas of the business.
• Maintain RadNet’s enterprise risk register.
• Support ongoing risk assessments to identify, analyze and mitigate security and compliance risks.
• Develop and maintain risk scoring processes and documents.
• Assist in third-party vendor risk management (VRM) by evaluating security controls and compliance posture.

Audit And Compliance Readiness

• Align policies and procedures with documentation requirements for all required compliance frameworks.
• Identify process and procedure gaps between current IT practices and compliance requirements, and collaborate with internal stakeholders to develop and implement necessary workflows.
• Support internal and external audits (SOC 1&2, HIPAA, SOX etc.) by gathering evidence and ensuring control effectiveness.
• Coordinate with cross-functional teams to address compliance gaps and implement corrective actions.
• Document audit compliance activities and track remediation efforts to completion.

Business Continuity/Disaster (BC/DR) Planning

• Work closely with key stakeholders and system owners in the ongoing development of BC/DR plans.
• Regularly update and test BC/DR plans to ensure readiness in the event of an incident.
• Help ensure BC/DR documentation aligns with operational resilience requirements.

Data Protection & Security Awareness Training

• Support initiatives related to data security awareness training.
• Assist in the development of security awareness programs to educate employees on security best practices.
• Collaborate with IT security and compliance teams to ensure secure data handling and protection measures.
• Collaborate with Compliance Team to develop, track, and report on Security related training initiatives.

Audit, Legal, And Compliance Support

• Provide application data and user activity information for Legal requests.
• Analyze surveillance footage in support of Legal discovery process.
• Coordinate with Operations and Compliance in investigating and fulfilling medical records requests.
• Support internal teams by providing key application data as needed.

Data Flow & Workflow Diagram Development

• Create and maintain data flow diagrams and workflow diagrams as needed to support security, compliance, and operational initiatives.
• Collaborate with IT and business teams to ensure diagrams accurately represent current processes and data flows.

Candidate Profile

We are looking for someone passionate about patient care, exercising sound judgment, and maintaining professionalism. You should demonstrate effective and professional communication and interpersonal skills, a structured work approach, and the ability to prioritize in a fast-paced environment.

Required Qualifications for Success

• College education or work experience in a related field is required.
• Strong understanding of risk assessment methodologies and risk mitigation strategies.
• Previous experience in a GRC, IT security, risk management, or compliance role.
• Ability to translate technical or complex concepts into user-friendly language.
• Ability to collaborate, working closely with both functional and technical teams.
• Ability to remain flexible as priorities change, adaptable to change, and able to accept ambiguity.
• Ability to work independently and within a team environment.
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, PCI-DSS.
• Ability to communicate compliance and security concepts to both technical and non-technical audiences.
• Experience in a regulated industry such as healthcare, finance, or technology.
• Experience with GRC tools (e.g., Cybersaint, Archer, LogicGate).
• CISSP, CISA, CRISC, CRCP certifications are a plus.
• Strong understanding of application, operating system and database security controls.
• Strong analytical skills.
• Excellent communication skills including speaking in front of others.
• Must be meticulously organized and self-motivated.
• Writing skills, a must.
• Strong interpersonal skills.
• Ability to bring projects to completion.
• Proven ability to work independently with minimal supervision.
• Willingness to do some travel, 10% of time.

Benefits We Offer

• Comprehensive Medical, Dental and Vision coverages.
• Health Savings Accounts with employer funding.
• Wellness dollars.
• 401(k) Employer Match.
• Free services at any of our imaging centers for you and your immediate family.

Key skills/competency

• GRC (Governance, Risk, Compliance)
• IT Security
• Risk Management
• Compliance Frameworks (SOC 2, ISO 27001, NIST, HIPAA, GDPR, SOX, PCI-DSS)
• Audit Support
• Vendor Risk Management (VRM)
• Business Continuity/Disaster Recovery (BC/DR)
• Data Protection
• Security Awareness Training
• GRC Tools (Cybersaint, Archer, LogicGate)