Principal GRC, Specialist
IND Pune, India
Velsera
Velsera is a health tech company providing advanced software enabled by expert services that accelerates the discovery, development and delivery of precision medicine globally. We are on a mission to make breakthroughs happen faster, so that...
Welcome to the era of Velsera! Seven Bridges, Pierian & UgenTec have combined to become Velsera.
Velsera is the precision engine company. We empower researchers, scientists, and clinicians to drive precision R&D, expand access to, and more effectively leverage analytics at the point of care.
We unify technology-enabled solutions and scientific expertise to enable a continuous flow of knowledge across the global healthcare ecosystem. This interweaves diverse biomedical communities, allowing them to build upon each other’s success and accelerate medical breakthroughs that positively impact human health.
With our headquarters in Boston, MA, we are growing and expanding our team, which is located in 14 different countries!
What will you do?
Governance and Policy Development
- Develop, implement, and maintain governance policies, SOPs, and related documentation.
- Ensure all policies align with industry standards (e.g., FedRAMP, NIST SP 800-53, ISO 27001 family, and HIPAA).
- Monitor policy effectiveness and recommend updates based on organizational changes or regulatory updates.
Risk Management
- Conduct risk assessments to identify vulnerabilities, threats, and compliance gaps.
- Collaborate with cross-functional teams to design and implement remediation strategies.
- Maintain risk registers and monitor mitigation efforts.
Compliance Oversight
- Support the organization in achieving and maintaining FedRAMP certification.
- Manage periodic audits, security assessments, and readiness activities for compliance frameworks.
- Track and report on compliance metrics, audit findings, and resolution status.
Training and Awareness
- Develop and deliver training programs to enhance employee understanding of compliance policies and procedures.
- Act as a point of contact for compliance-related queries within the organization.
Incident Response and Reporting
- Support incident response processes to ensure effective investigation and reporting of compliance-related incidents.
- Collaborate with stakeholders to implement corrective actions and prevent recurrence.
Vendor and Third-Party Risk Management
- Assess third-party vendors for compliance with organizational policies and standards.
- Ensure contracts include appropriate compliance requirements.
What do you bring to the table?
Education & Experience
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field (Master's preferred).
- 3+ years of experience in governance, risk, and compliance roles, with specific experience in FedRAMP compliance.
Knowledge & Skills
- Strong understanding of FedRAMP, NIST SP 800-53, ISO 27001, and other relevant frameworks.
- Experience in drafting policies, procedures, and SOPs.
- Familiarity with GRC tools and platforms (e.g., Archer, ServiceNow GRC).
- Excellent communication and documentation skills.
- Analytical mindset with attention to detail.
Certifications (Preferred)
- Certified Information Systems Security Professional (CISSP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- ISO 27001 Lead or Internal auditor
Our Core Values
People first. We create collaborative and supportive environments by operating with respect and flexibility to promote mental, emotional and physical health. We practice empathy by treating others the way they want to be treated and assuming positive intent. We are proud of our inclusive diverse team and humble ourselves to learn about and build our connection with each other.
Patient focused. We act with swift determination without sacrificing our expectations of quality. We are driven by providing exceptional solutions for our customers to positively impact patient lives. Considering what is at stake, we challenge ourselves to develop the best solution, not just the easy one.
Integrity. We hold ourselves accountable and strive for transparent communication to build trust amongst ourselves and our customers. We take ownership of our results as we know what we do matters and collectively we will change the healthcare industry. We are thoughtful and intentional with every customer interaction understanding the overall impact on human health.
Curious. We ask questions and actively listen in order to learn and continuously improve. We embrace change and the opportunities it presents to make each other better. We strive to be on the cutting edge of science and technology innovation by encouraging creativity.
Impactful. We take our social responsibility with the seriousness it deserves and hold ourselves to a high standard. We improve our sustainability by encouraging discussion and taking action as it relates to our natural, social and economic resource footprint. We are devoted to our humanitarian mission and look for new ways to make the world a better place.
Velsera is an Equal Opportunity Employer:
Velsera is proud to be an equal opportunity employer committed to providing employment opportunity regardless of sex, race, creed, colour, gender, religion, marital status, domestic partner status, age, national origin or ancestry.
Perks/benefits: Career development