Senior Security Risk Analyst
Posted on 2/8/2024
GRAIL

1,001-5,000 employees

Designs cancer screening tests
Company Overview
GRAIL's mission is to detect cancer early, when it can be cured. They are working to change the trajectory of cancer mortality and bring stakeholders together to adopt innovative, safe, and effective technologies that can transform cancer care.
Data & Analytics

Company Stage

N/A

Total Funding

$11B

Founded

2016

Headquarters

Menlo Park, California

Growth & Insights
Headcount

6 month growth

4%

1 year growth

8%

2 year growth

22%
Locations
Menlo Park, CA, USA
Desired Skills
AWS
Categories
IT & Security
Requirements
  • Bachelor’s degree in Information Systems, Engineering, or a related technical discipline
  • 3+ years of proven experience in risk assessment, preferably in the healthcare/biotech domain
  • Deep understanding of risk assessment methodologies and frameworks such as NIST RMF / NIST 800-53
  • Knowledgeable in security frameworks and standards including, but not limited to, ISO 27001, PCI DSS, HIPAA and SOC 2
  • Technical understanding of cloud-based security in an AWS environment preferred
Responsibilities
  • Lead and drive comprehensive information security risk assessments including identification, assessment and measurement across different systems/processes, assets and third parties
  • Partner with cross-functional teams to identify appropriate security controls to implement, and define risk mitigation strategies
  • Collaborate with business owners to ensure that onboarded third-party solutions are properly assessed for security risks, and that adequate security controls are in place
  • Document, track and evaluate the effectiveness of risk mitigation efforts performed by cross-functional teams
  • Develop, update and maintain policy and procedure documentation on a specified cadence or as needed
  • Lead efforts in configuring and maintaining a comprehensive Information Security Risk Register using GRAIL’s GRC platform
  • Build and maintain metrics to help cultivate awareness of organizational information security risks
  • Communicate risk assessment results and risk mitigation status to the leadership team
Desired Qualifications
  • Ability to learn new tools and technologies quickly
  • Skilled in analyzing and interpreting security data/architecture for risk evaluation
  • Strong analytical and organizational skills for prioritization and decision-making