Principal GRC Specialist Only 24h Left

About Velsera

Medicine moves too slow. At Velsera, we are changing that.

Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.

Velsera provides software and professional services for:

- AI-powered multimodal data harmonization and analytics for drug discovery and development
- IVD development, validation, and regulatory approval
- Clinical NGS interpretation, reporting, and adoption

With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries

What will you do?

Governance and Policy Development

- Develop, implement, and maintain governance policies, SOPs, and related documentation.
- Ensure all policies align with industry standards (e.g., FedRAMP, NIST SP 800-53, ISO 27001 family, and HIPAA).
- Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates.

Risk Management

- Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps.
- Collaborate with cross-functional teams to design and implement remediation strategies.
- Maintain risk registers and monitor mitigation efforts.

Compliance Oversight

- Support the organization in achieving and maintaining FedRAMP certification.
- Manage periodic audits, security assessments, and readiness activities for compliance frameworks.
- Track and report on compliance metrics, audit findings, and resolution status.

Training and Awareness

- Develop and deliver training programs to enhance employee understanding of compliance policies and procedures.
- Act as a point of contact for compliance-related queries within the organization.

Incident Response and Reporting

- Support incident response processes to ensure effective investigation and reporting of compliance-related incidents.
- Collaborate with stakeholders to implement corrective actions and prevent recurrence.

Vendor and Third-Party Risk Management

- Assess third-party vendors for compliance with organizational policies and standards.
- Ensure contracts include appropriate compliance requirements.

Requirements

What do you bring to the table?

Education & Experience

- Overall 12- 15 years of relevant experience
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or related field (Master's preferred).
- 3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.

Knowledge & Skills

- Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks.
- Experience in drafting policies, procedures, and SOPs.
- Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC).
- Excellent communication and documentation skills.
- Analytical mindset with attention to detail.

Certifications (Preferred)

- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- ISO 27001 Lead or Internal auditor

Benefits

- Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
- Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
- Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
- Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
- Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
- & Many More...

---