Senior Governance, Risk & Compliance Analyst
Pay: Competitive
Location: Remote
Employment type: Full-Time
Job Description
- Req#: 8a78859f9520a836019567f730d740d9
- Team First
- Client Passionate
- Always Curious
- Deliver Excellence
- Design and oversee improvements in the organization's HITRUST CSF certifications and any other security and privacy compliance programs as required to meet regulatory requirements and standards.
- Evaluate new HITRUST AI certification and collaborate with AI Governance Committee on future implementation
- Lead HITRUST CSF version upgrades to ensure Xsolis is current and ready for recertification
- Facilitate corrective action plan (CAP) process including tracking all remediation efforts from resulting external & internal audits through to completion
- Become an expert on the organization's security, privacy, and risk frameworks and controls
- Learn about the organization's products, use of AI, data use and risk tolerance.
- Manage third-party security and compliance risk assessments both at initial engagement and ongoing as appropriate for the risk rating
- Conduct comprehensive risk assessments, not limited to HIPAA, and develop mitigation strategies to manage and reduce security, privacy, and compliance risks
- Oversee the Business Impact Analysis (BIA) process
- Monitor enforcement of S&C policies and procedures that align with HITRUST CSF r2 and other industry best practices and organizational goals.
- Maintain and facilitate improvement process for required S&C documentation including policies, procedures, process designs, workflows, and other artifacts to support more efficient control implementation and auditability.
- Implement and manage GRC tooling for the organization including user administration, workflow configuration/maintenance, template maintenance, and other configurations as necessary to automate GRC processes.
- Deliver security, privacy, and compliance training programs to raise awareness and educate employees on risks and best practices including responsible use of AI, phishing simulations, and periodic training on new threats to the organization.
- Manage the security awareness program for the organization including training roadmap and phishing simulation exercises.
- Provide mentoring support and guidance to GRC Analysts I & II
- Bachelor's Degree in Information Systems or equivalent experience/degree required.
- Master's degree is desirable
- 5+ years of experience in a similar GRC role
- Proven experience with maintaining security, risk, and compliance programs
- Heavy experience managing HITRUST CSF certifications, SOC attestations and HIPAA risk assessments.
- Healthcare technology industry experience highly desired.
- Industry specific professional certification such as CISA, CISM, or CRISC highly desired
- Strong working knowledge of Excel and other Microsoft Office products.
- Ability to work independently in a fast-paced, dynamic, results-oriented environment.
- Must be able to work with sensitive information and maintain confidentiality.
- Excellent communication skills.
- Well-organized, detail-oriented, and multi-tasking, with the ability to effectively prioritize assignments.
- Must be able to manage multiple projects simultaneously
- Work is typically in a normal office administrative environment involving minimal exposure to physical risks.
- Position requires little to moderate physical activity. Mostly sedentary work exerting up to 10 pounds of force occasionally or a negligible amount of force to lift, carry, push, pull, or otherwise move objects. Work involves sitting most of the time, but may involve walking or standing for brief periods of time. No significant stooping is usually required.
- Minimum Travel Required
Senior Governance, Risk & Compliance (GRC) Analyst
About Us
Xsolis is an AI-driven technology company with a human-centered approach, fostering collaboration between healthcare providers and payers through real-time transparency, objective data for increased accuracy and alignment of medical necessity decisions, and more efficient outcomes. Dragonfly®, its AI-driven proprietary platform, is the first and only solution to use real-time predictive analytics to continuously assign an objective medical necessity score and assess the anticipated level of care for every patient, enabling more efficiency across the healthcare system. Xsolis is headquartered in Franklin, Tennessee.
Our Values:
Xsolis has been ranked on the Inc. 5000 and Deloitte Technology Fast 500 lists in both 2022 and 2023 as a fastest-growing private company, and was named 2022 Best in Business among private companies by the Nashville Business Journal. Xsolis executives have been featured in Becker's Hospital Review, Becker's Payer Issues, Chief Healthcare Executive, CIO Review, Managed Healthcare Executive, Medical Economics, HIT Consultant, Healthcare IT Today, among other leading publications.
For more information, visit www.xsolis.com.
Position Summary Details
The Senior GRC Analyst is responsible for the day-to-day management and oversight of governance, risk management, and compliance with regulatory, contractual, and all information security and privacy requirements with which the organization is required to comply.
Essential Duties & Responsibilities
The essential functions include, but are not limited to the following:
Minimum Qualifications (Knowledge, Skills, and Abilities)
Education:
Experience:
Other:
Supervisory Responsibilities
This role does not have any direct reports and is a single contributor role.
Working Environment and Travel Requirements
Physical Demands & Work Environment
The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this position.
Reasonable accommodations may be made to enable individuals with disabilities to perform the functions.
Where We'll Go Together
Our company is shaping intelligent decision-making for healthcare. As a part of our team, you'll be a key player in realizing that vision as well as a valued contributor to the culture and climate we wish to create. Our wins are your wins, and we're dedicated to making you feel your work matters (it truly does).
If any of this speaks to you, let's get in touch.
Candidates must successfully pass a background check and drug screen prior to beginning employment with XSOLIS.
XSOLIS is an equal opportunity employer that is committed to hiring based upon merit, skills, experience, and qualifications. We recognize the importance of an inclusive and diverse workforce that celebrates all individuals from all walks of life. We encourage everyone to apply regardless of gender identity, race, veteran status, age, sexual orientation, or any other protected class.
All employees of XSOLIS fall under the same security role, which includes access to sensitive information, including proprietary data and PHI.