Security Analyst - GRC

Blink Health is the fastest growing healthcare technology company that builds products to make prescriptions accessible and affordable to everybody.  Our two primary products – BlinkRx and Quick Save – remove traditional roadblocks within the current prescription supply chain, resulting in better access to critical medications and improved health outcomes for patients. 

BlinkRx is the world’s first pharma-to-patient cloud that offers a digital concierge service for patients who are prescribed branded medications. Patients benefit from transparent low prices, free home delivery, and world-class support on this first-of-its-kind centralized platform. With BlinkRx, never again will a patient show up at the pharmacy only to discover that they can’t afford their medication, their doctor needs to fill out a form for them, or the pharmacy doesn’t have the medication in stock. 

We are a highly collaborative team of builders and operators who invent new ways of working in an industry that historically has resisted innovation. Join us!

We are seeking a detail-oriented and proactive Security Analyst - GRC (Governance, Risk, and Compliance) to join our Information Security team. The Security Analyst will play a pivotal role in ensuring the organization’s adherence to regulatory requirements, identifying and mitigating risks, and enhancing governance processes. This position will collaborate with cross-functional teams to maintain a strong security posture and align our operations with industry standards.

• →Develop and maintain information security policies, standards, and procedures in line with industry best practices and frameworks.
• →Monitor compliance with policies and procedures across departments and provide recommendations for improvement.
• →Collaborate with internal stakeholders to support security awareness and training programs.
• →Assist in conducting risk assessments and evaluating the effectiveness of existing controls.

• →Document, and track risks, including mitigation plans and residual risks.
• →Coordinate with stakeholders to ensure timely remediation of identified risks.
• →Monitor compliance with applicable laws, regulations, and standards such as HIPAA, PCI DSS.

• →Assist with internal and external audits by preparing documentation, evidence, and responses.
• →Assist with third party security penetration tests.
• →Stay informed about emerging compliance requirements and ensure the organization adapts accordingly.
• →Assist in maintaining and enhancing GRC tools and platforms.

• →Prepare regular reports and dashboards for leadership on governance, risk, and compliance status.
• →Monitor and triage security alerts. 
• →Participate in incident response and business continuity planning efforts as needed.
• →Work with Enterprise Security, Application Security, and Cloud Security team members
• →Maintain the security center of excellence. 

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Business Administration, or a related field.
• 3+ years of experience in GRC, risk management, compliance, or a related role.
• Familiarity with GRC frameworks such as ISO 27001, NIST CSF, SOC 2, or COBIT.
• Understanding of regulatory requirements like HIPAA and PCI DSS.
• Proficiency in GRC tools and platforms.
• Strong analytical, organizational, and communication skills.