GRC Security Analyst

POSITION TITLE: Governance, Risk, and Compliance (GRC) Security Analyst 

LOCATION: Cambridge, MA (hybrid)

This position sits in and reports to our global HQ in Cambridge, MA. 

Who We Are:  

TriNetX was founded on the idea that incorporating real-world data results in better clinical trial design, improves the site selection and patient recruitment process and generates real-world evidence (RWE) to advance the collective understanding of human health. TriNetX collaborates with the majority of industry leaders, including 13 of the top 15 pharmaceutical companies, and is powered by an impressive network of 170 healthcare organizations across 30 countries. 

As a result of its reach and rapidly expanding network, TriNetX has become the market leader in protocol design, feasibility, and site selection. Researchers have leveraged the TriNetX network to analyze over 39,000 protocols, presented over 10,000 clinical trial opportunities to its healthcare members, and reduced site identification time in clinical trials by 50%. 

Currently, TriNetX healthcare organization members contribute access to a patient population of 400 million, representing over 40 billion clinical observations. TriNetX has a worldwide presence, with our global headquarters located in Cambridge, Massachusetts and EU offices in Ghent, Belgium; Freiburg, Germany; and Basel, Switzerland – as well as offices in London, Madrid, Melbourne, Sao Paulo, Singapore, Tokyo, and Healdsburg, California. As a result, TriNetX is one of the fastest-growing, privately held companies in the life sciences industry. 

What Challenges We Work On: 

TriNetX is the global health research network that optimizes clinical research and enables discoveries through the creation of real-world evidence. TriNetX combines real-time access to longitudinal clinical data with state-of-the-art analytics to answer complex research questions at the speed of thought.  Each member of our community shares in the consolidated value of our global, federated health research network that connects clinical researchers to the patient populations which they are attempting to study. 

Who We Are Looking For:  

The Information Security Team is looking for a detail-oriented candidate to join as a GRC Security Analyst to continue the success of our fast-paced active team. In this position, the GRC Security Analyst will support the security direction of the business and elevate the company’s security posture. The GRC Security Analyst is expected to support the security strategy of the business as it evolves. 

What You Will Be Doing: 

• Continue implementation of additional modules and integration of the GRC-related platform, TrustCloud. 
• Document, formulate, and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. 
• Act as point person with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws. 
• Analyze findings, and document, recommend and report program. 
• Oversee and direct our Vendor Management Program. 
• Respond to security assessments, assisting in customer facing security content. 
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.  
• Apply GRC expertise across key lines of business, including products, practices and procedures. 
• Define or aid in definition of qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.  
• Perform other duties as assigned. 

What You Bring to TriNetX: 

• 3-5 years related experience, preferably in highly regulated environments.
• Understanding of cloud environments such Amazon Web Services (AWS).
• Prior experience with GRC systems from vendors such as TrustCloud.
• Demonstrated problem-solving capabilities, and ability to understand complex local and international security requirements.
• Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats. 
• Stays current in laws and regulations as well as related risk categories.
• Holds or is working toward one or more of the following: CISSP, CRISC, CISM, or CISA. 
• Experience and understanding of various requirements and frameworks, examples include NIST, HIPAA, GDPR, or ISO 27001. 

As a condition of employment, the individual must provide proof of Covid 19 vaccination unless a medical or religious exemption is granted by TriNetX. 

Learn More About TriNetX: 

To learn more about us, please check out our website, blog, and Careers page - and be sure to follow us on X (Twitter) and LinkedIn.  You can also find out more about what it’s like to work at TriNetX on The Muse. 

Interested in Joining Our Community? 

TriNetX is an Equal Opportunity Employer. All persons are considered for employment without regard to their race, color, creed, religion, national origin, ancestry, citizenship status, age, disability or handicap, sex or gender, marital status, sexual orientation, genetic information, gender identity, veteran status, or any other characteristic or status protected by applicable federal, state or local laws. 

This Organization Participates in E-Verify 

This employer participates in E-Verify and will provide the federal government with your Form I-9 information to confirm that you are authorized to work in the U.S. If E-Verify cannot confirm that you are authorized to work, this employer is required to give you written instructions and an opportunity to contact Department of Homeland Security (DHS) or Social Security Administration (SSA) so you can begin to resolve the issue before the employer can take any action against you, including terminating your employment. Employers can only use E-Verify once you have accepted a job offer and completed the Form I-9.