GRC Analyst- Compliance

Responsibilities
Artificial Intelligence; Advanced Technology; The very best in patient care. With decades of expertise, RadNet is Leading Radiology Forward. With dynamic cross-training and advancement opportunities in a team-focused environment, the core of RadNet's success is its people with the commitment to a better healthcare experience. When you join RadNet as a Governance, Risk and Compliance Analyst , you will be joining a dedicated team of professionals who deliver quality, value, and access in the 21st century and align all stakeholders- patients, providers, payors, and regulators to achieve the best clinical outcomes.
You Will:

• Evaluate IT systems, processes, and policies against regulatory requirements and industry standards.
• Stay informed on evolving regulations, industry standards, and best practice in IT compliance.
• Develop, update, and maintain IT policies, procedures, and guidelines in alignment with industry standards, compliance frameworks, and regulatory requirements (e.g., SOC 2, ISO 27001, NIST, HIPAA, GDPR, SOX).
• Support internal stakeholders in understanding and implementing compliance requirements.
• Work with IT Cyber and Security teams, Compliance, Legal, Internal Audit, and External Auditors, as well as act as a member of RadNet's IS Policies and Procedures Committee.
• Work closely with key stakeholders to conduct business impact assessments across multiple areas of the business.
• Maintain RadNet's enterprise risk register.
• Conduct risk assessments to identify, analyze, and mitigate security and compliance risks.
• Assist in third-party vendor risk management (VRM) by evaluating security controls and compliance posture.
• Align policies and procedures with documentation requirements for all required compliance frameworks.
• Identify process and procedure gaps between current IT practices and compliance requirements, and collaborate with internal stakeholders to develop and implement necessary workflows.
• Support internal and external audits (SOC 1&2, HIPAA, SOX etc.) by gathering evidence and ensuring control effectiveness.
• Coordinate with cross-functional teams to address compliance gaps and implement corrective actions.
• Document audit compliance activities and track remediation efforts to completion.
• Work closely with key stakeholders and system owners in the ongoing development of BC/DR plans.
• Regularly update and test BC/DR plans to ensure readiness in the event of an incident.
• Help ensure BC/DR documentation aligns with operational resilience requirements.
• Support initiatives related to data security awareness training.
• Assist in the development of security awareness programs to educate employees on security best practices.
• Collaborate with IT security and compliance teams to ensure secure data handling and protection measures. Collaborate with Compliance Team to develop, track, and report on Security related training initiatives.
• Create and maintain data flow diagrams and workflow diagrams as needed to support security, compliance, and operational initiatives.
• Collaborate with IT and business teams to ensure diagrams accurately represent current processes and data flows.

• Exercise sound judgement and an ability to remain professional in all situations.
• You demonstrate effective and professional communication, interpersonal skills and respect with patients, guests & colleagues.
• You have a structured work-approach, understand complex problems and you are able to prioritize work in a fast-paced environment.

• College education or work experience in a related field is required.
• Strong understanding of risk assessment methodologies and risk mitigation strategies.
• Previous experience in a GRC, IT security, risk management, or compliance role.
• Ability to translate technical or complex concepts into user-friendly language.
• Ability to collaborate, working closely with both functional and technical teams.
• Ability to remain flexible as priorities change, adaptable to change, and able to accept ambiguity.
• Ability to work independently and within a team environment.
• Familiarity with compliance frameworks such as SOC 2, ISO 27001, NIST, HIPAA, GDPR, PCI-DSS.
• Ability to communicate compliance and security concepts to both technical and non-technical audiences.
• Experience in a regulated industry such as healthcare, finance, or technology.
• Experience with GRC tools (e.g., Cybersaint, Archer, LogicGate).
• CISSP, CISA, CRISC, CRCP certifications are a plus.
• Strong understanding of application, operating system and database security controls.
• Strong analytical skills.
• Excellent communication skills including speaking in front of others.
• Must be meticulously organized and self-motivated.
• Writing skills, a must.
• Strong interpersonal skills.
• Ability to bring projects to completion.
• Proven ability to work independently with minimal supervision.
• Willingness to do some travel, 10% of time.

• Comprehensive Medical, Dental and Vision coverages.
• Health Savings Accounts with employer funding.
• Wellness dollars
• 401(k) Employer Match
• Free services at any of our imaging centers for you and your immediate family.