Sr Information Security GRC Analyst

Irvine, CA, US • Posted 14 hours ago • Updated 1 hour ago
Full Time
On-site
USD $130,000.00 - 170,000.00 per year
Fitment

Dice Job Match Score™

⏳ Almost there, hang tight...

Job Details

Skills

  • Legal
  • Continuous Improvement
  • Corrective And Preventive Action
  • Supply Chain Management
  • Evaluation
  • Due Diligence
  • Risk Assessment
  • Collaboration
  • Dashboard
  • Cloud Computing
  • SaaS
  • Emerging Technologies
  • Leadership
  • IT Audit
  • ISO/IEC 27001:2005
  • System On A Chip
  • Security Controls
  • Identity Management
  • Encryption
  • Vulnerability Management
  • Endpoint Protection
  • Cloud Security
  • Network Security
  • Analytical Skill
  • Documentation
  • Communication
  • Stakeholder Management
  • Management
  • Health Care
  • Medical Devices
  • Biotechnology
  • HIPAA
  • PCI DSS
  • NIS
  • Privacy
  • SAP GRC
  • Auditing
  • Risk Management
  • Reporting
  • Information Security Governance
  • Regulatory Compliance
  • CISSP
  • CISA
  • ISACA
  • CISM
  • Information Security
  • Cyber Security
  • Information Systems
  • Computer Science
  • English
  • Schematics
  • Cross-functional Team
  • Insurance

Summary

Job Description

Job Summary:

The Senior Information Security GRC Analyst supports and advances Masimo's enterprise information security governance, risk, and compliance (GRC) program through leadership of security compliance initiatives, third-party risk management, policy governance, audit readiness, and risk assessment activities.
This role partners closely with Information Security, IT, Engineering, Quality, Legal, and business stakeholders to strengthen security governance processes, support regulatory and customer requirements, and maintain alignment with industry frameworks and healthcare security expectations.
The Senior Information Security GRC Analyst contributes to the continuous improvement of governance processes, compliance monitoring, and enterprise risk management activities within a regulated healthcare and medical device environment. This position requires strong knowledge of information security principles, compliance frameworks, and risk management practices, along with the ability to communicate effectively across both technical and non-technical audiences

Duties & Responsibilities:

Support the strategic execution and continuous improvement of the enterprise information security governance, risk, and compliance (GRC) program
Lead coordination of external security audits and certification activities, including HITRUST, ISO 27001, SOC 2, and related compliance initiatives
Partner with internal stakeholders to gather documentation, evidence, remediation updates, and corrective action plans for audits and assessments
Conduct third-party and supply chain cybersecurity risk assessments, including evaluation of vendor security posture, due diligence questionnaires, and supporting security documentation
Collaborate with business and technical teams to respond to customer security assessments, compliance inquiries, and due diligence requests
Lead information security risk assessments and track remediation activities through resolution
Manage the review and tracking of security exceptions and risk acceptance requests, ensuring appropriate compensating controls and approvals are documented
Assist in the development, maintenance, and communication of information security policies, standards, procedures, and guidelines
Collaborate with technical teams to evaluate, document, and validate security controls and compliance requirements
Maintain audit findings, remediation plans, compliance documentation, risk registers, and governance tracking records
Develop and maintain compliance monitoring processes, governance reporting metrics, dashboards, and ongoing reporting activities
Conduct internal security assessments, readiness reviews, and governance maturity initiatives
Support governance and risk management activities related to cloud platforms, SaaS environments, emerging technologies, and evolving cybersecurity threats
Partner with leadership and cross-functional stakeholders to promote a risk-aware security culture and support enterprise governance initiatives
Stay informed of evolving cybersecurity threats, regulatory requirements, and industry best practices relevant to healthcare and medical device environments
Support cross-functional initiatives related to information security awareness, governance, operational maturity, and compliance readiness

Minimum & Preferred Qualifications and Experience:

Minimum Qualifications:

7+ years of experience in information security governance, risk, and compliance (GRC), cybersecurity risk management, IT audit, compliance, or related areas
Experience leading or managing security audits or compliance initiatives related to HITRUST, ISO 27001, SOC 2, NIST, or similar frameworks
Experience conducting third-party security assessments and vendor risk reviews
Strong understanding of information security principles, risk management concepts, and security control frameworks
Ability to understand and discuss technical security concepts including identity and access management (IAM), encryption, vulnerability management, endpoint security, logging/monitoring, cloud security, and network security
Strong analytical, organizational, documentation, communication, and stakeholder management skills
Ability to manage multiple priorities and work collaboratively in a fast-paced, highly regulated environment

Preferred Qualifications:
Experience within healthcare, medical device, biotechnology, or other highly regulated industries
Familiarity with HIPAA, FDA-regulated environments, HITRUST, NIST CSF, PCI DSS, UK Cyber Essentials, NIS2 Directive, or related cybersecurity and privacy requirements
Experience using GRC tools and platforms for audit, compliance, risk management, or governance reporting activities
Experience supporting enterprise security governance or compliance maturity initiatives
Industry-recognized certifications such as CISSP, CISA, CRISC, CISM, or similar preferred

Education:

Bachelor's degree in Information Security, Cybersecurity, Information Systems, Computer Science, or related field required; or equivalent combination of education, certifications, and relevant experience

Language requirements:

Ability to read, write, and communicate effectively in English.
Ability to interpret technical documents, schematics, and written instructions.
Ability to clearly document technical findings and communicate with cross-functional team members.

Compensation:

The anticipated range for this position is $130,000 - $170,000. Actual placement within the range is dependent on multiple factors, including but not limited to skills, education, and experience. This position also qualifies for up to 10% annual bonus based on Company, department, and individual performance.

Masimo offers benefits such as Medical, Dental, Vision, Life/AD&D, Disability Insurance, 401(k), Vacation, Sick, Holiday, Paid Maternity Leave, Flexible Spending Accounts, voluntary Accident, Critical Illness, Hospital, Long-Term Care, Employee Assistance Program, Pet Insurance, on-site Wellness Clinic, Fitness Center, Caf. All benefits are subject to eligibility requirements.

Physical requirements/Work Environment

This position primarily works in an office environment and requires frequent sitting, standing, and walking. Daily use of a computer and other digital devices is required. This role may require standing for extended periods when facilitating meetings or walking through facilities.
The physical demands of the position described herein are essential functions of the job and employees must be able to successfully perform these tasks for extended periods. Reasonable accommodations may be made for those individuals with real or perceived disabilities to perform the essential functions of the job described.
Masimo is proud to be an EEOE/, M/F/D/V, and we are committed to Diversity at the corporate level.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: 10125662
  • Position Id: 9b1fa78091ab2cebc994a32283845e98
  • Posted 14 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Santa Ana, California

Today

Full-time

USD 43.27 - 64.90 per hour

Newport Beach, California

Today

Easy Apply

Full-time

USD175,000 - USD190,000

Irvine, California

18d ago

Easy Apply

Full-time

110,000 - 120,000

Remote or Culver City, California

Today

Full-time

USD 100,000.00 - 150,000.00 per year

Search all similar jobs