GRC Expert
Description

About Velsera
Medicine moves too slow. At Velsera, we are changing that.
Velsera was formed in 2023 through the shared vision of Seven Bridges and Pierian, with a mission to accelerate the discovery, development, and delivery of life-changing insights.
Velsera provides software and professional services for:
- AI-powered multimodal data harmonization and analytics for drug discovery and development
- IVD development, validation, and regulatory approval
- Clinical NGS interpretation, reporting, and adoption
With our headquarters in Boston, MA, we are growing and expanding our teams located in different countries!

What will you do?
Compliance & Governance
- Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework
- Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audits.
- Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI).
- Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks.
- Plan, conduct and manage internal and supplier audits
- Plan GRC activities, prioritise and implement them in timebound manner.
- Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure
- Collaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance. Provide technical guidance to them on implementing controls and best practices, specifically related to cloud security architecture and configurations.
- Review risk mitigations periodically and track remediation efforts to closure.
- Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards.
- Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams.
- Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture.
- Stay current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPAA.

Requirements
What do you bring to the table?
Experience:
- Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance.
- Proven, hands-on experience driving and maintaining ISO 27001 certification programs.
- Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud-centric environment.
- Strong technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud-native security services.
- Education: Bachelor's degree in IT, Computer Science or related field.
- Certifications (One or more highly preferred):
- CISSP (Certified Information Systems Security Professional)
- CISA (Certified Information Systems Auditor)
- ISO 27001 Lead Implementer/Auditor
- CCSK (Certificate of Cloud Security Knowledge) or equivalent Cloud-specific security certification (e.g., AWS Certified Security, Azure Security Engineer).

Soft Skills
- Proficiency in written and verbal communication skills with the ability to translate complex security and compliance requirements / controls into clear actionable
- Strong project management and organizational skills to handle multiple, simultaneous audit and compliance initiatives.
- A collaborative and proactive mindset, with the ability to influence and lead cross-functional teams without direct authority.

Benefits
- Flexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life balance.
- Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness support.
- Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and grow.
- Recognition & Rewards - Get recognized for your contributions through structured reward programs and campaigns.
- Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoyable.
- & Many More...