Cyber Security GRC Specialist

Why Choose GMR? Global Medical Response's (GMR) and its family of solutions are dedicated to delivering compassionate, quality medical care, primarily in the areas of emergency and patient relocation services. Here you'll embark in meaningful work that will make an impact on you and the customers we service. View our employees' stories on how we provide care to the world at www.AtaMomentsNotice.com.

The GMR Cyber Security Governance, Risk, and Compliance (GRC) will support and improve our cybersecurity policies, risk assessments, and compliance efforts. This role involves working across teams to evaluate risks, support audits, review contracts, assess vendors, and help maintain security standards. Healthcare industry experience is a big plus.

• Support GRC projects including internal/external risk assessments, vendor reviews, and policy evaluations.
• Respond to audits, RFIs/RFPs, and client security questionnaires.
• Conduct risk analysis and document threats, controls, and remediation plans.
• Perform vendor risk assessments and communicate compliance requirements.
• Review contracts and agreements (e.g., BAA, ISA) for security requirements.
• Help develop and maintain cybersecurity policies and procedures.
• Manage policy exceptions and coordinate with subject matter experts.
• Collaborate with engineers to recommend tools and processes that reduce risk.
• Stay current on security trends and technologies.
• Assist with security awareness training and compliance programs.
• Support audits and regulatory initiatives across the organization.

• Bachelor's degree in Computer Science, Information Security and Assurance, Risk Management, Information Systems, Security Engineering or related major. Four years of security related experience can be substituted.
• CISA, CISSP, or CRISC certification (or passing of test) is preferred.
• Solid understanding of IT Security Governance, Risk, and Compliance (GRC) and hands-on experience with risk assessments.
• Broad knowledge of IT and cybersecurity, covering technical, administrative, physical, and operational security areas.
• Familiar with related domains like Disaster Recovery, Business Continuity, Audit response, and Security Training.
• Strong ability to collaborate across teams and levels, including business, legal, and IT stakeholders.
• Skilled in interpreting business and technical requirements and recommending best practices.
• Excellent analytical and consultative skills, with sound judgment and adaptability in fast-paced environments.
• Able to multitask, manage shifting priorities, and communicate complex compliance and technical concepts clearly.
• 2+ years of experience in cybersecurity or related GRC responsibilities
• Strong understanding of compliance frameworks (e.g., NIST, HIPAA, HITRUST, ISO 27001, SOC2, PCI)
• Experience with cloud security concepts and risk assessment tools (e.g., Archer, Allgress, CORL)
• Familiarity with identity and access management platforms
• Healthcare GRC experience preferred

Location: Remote, CO

Annual Compensation: $114,000.00 DOE

EEO Statement

Global Medical Response and its family of companies are an Equal Opportunity Employer, which includes supporting veterans and providing reasonable accommodations for individuals with a disability.