Senior GRC Associate
Strata Decision Technology · Chicago, Illinois, US
Job description
How you’ll make an impact: The Senior Compliance Associate will work inside Strata’s Information Technology group and assist with all aspects of governance, risk, and compliance. This position works collaboratively to ensure Strata complies with industry regulations, client requirements, and best practices. This position serves as a subject matter expert in key certifications and regulatory frameworks, including state privacy laws, HIPAA, ISO 27001, and SSAE 18.

Key Responsibilities:
- Lead and coordinate HITRUST certification efforts, including audit readiness, evidence management, and external assessor coordination
- Support SOC 2 Type II compliance, including control testing, audit support, and ongoing control effectiveness monitoring
- Manage Disaster Recovery and Business Continuity programs, including planning, coordination, and execution of testing exercises
- Lead responses to customer security questionnaires (DDQs) and internal compliance requests, partnering cross-functionally to deliver accurate and timely information
- Drive remediation by managing corrective action plans (CAPs) and coordinating cross-functional efforts to closure
- Drive vendor risk management and secu...