Governance, Risk, & Compliance Analyst

Posted: Thursday, 16 October 2025
Valid Thru: Saturday, 15 November 2025

Location: Nashville, TN, 37201, US

Industry: Advertising and Public Relations
Occupational Category: 13-0000.00 - Business and Financial Operations
Type of Employment: FULL_TIME

HealthStream, Inc is hiring!

Description:

Company Overview

HealthStream is the leader in healthcare workforce solutions. We help organizations work better by helping their people work smarter.

HealthStream provides the leading learning, clinical development, credentialing, and scheduling applications delivered on healthcare's #1 platform. We streamline everyday tasks while improving performance, engagement, and safety - fostering a workplace where people flourish, and care thrives.

Why Join Us

At HealthStream, you'll have the opportunity to make a meaningful impact on the future of healthcare by collaborating with a team of talented professionals dedicated to innovation and excellence. We offer competitive compensation, comprehensive benefits, and a supportive work environment where creativity and collaboration thrive.

Our shared vision is to enhance the quality of healthcare by empowering the people who deliver care - a commitment we have upheld for over 30 years through providing innovative solutions and driving constant growth. Join us in revolutionizing the healthcare industry and shaping the future of patient care. As a HealthStreamer, you will be at the forefront of healthcare technology innovation, making a recurring impact on the industry.

We're proud of our values-forward culture that offers our people:
  • Mission-oriented work
  • Diverse and inclusive culture
  • Competitive Compensation & Bonuses
  • Comprehensive Insurance Plans
  • Mental and Physical Health Support
  • Work-from-home flexibility
  • Fitness Center Reimbursements
  • Streaming Good time off for volunteering
  • Wellness workshops
  • Buddy Program for new HealthStreamers
  • Collaborative work environment
  • Career growth opportunities
  • Continuous learning opportunities
  • Inspiring workspaces to collaborate and connect with other HealthStreamers
  • Free employee parking at our Resource Centers in Nashville and San Diego


At HealthStream, our thriving culture encourages collaboration and values contributions, allowing our team members to continuously solve big problems and grow. We offer flexibility and paid time off to support work-life integration for all employees, including a hybrid work environment and Streaming Good volunteer day. For team members in commutable distance, HealthStream has Resource Centers in Nashville, TN and San Diego, CA. Our resource centers provide an inspiring workspace to collaborate and recharge as well as company-sponsored onsite social events for development, connection, and celebration.

We are committed to driving innovation in healthcare and ensuring that patients receive competent care from qualified professionals. As a HealthStream team member, you will help bring this vision to life. If you want to work for a company committed to its values and vision, HealthStream is the place for you!

HealthStream is an equal opportunity employer. HealthStream prohibits employment practices that discriminate against individual employees or groups of employees on the basis of age, color, disability, national origin, race, religion, sex, sexual orientation, pregnancy, veteran or military status, genetic information or any other category deemed protected by state and/or federal law.

Position Information

Position Overview

The Governance, Risk, & Compliance (GRC) Analyst is a key member of the Information Security team, responsible for policy management, risk assessment and response, and internal auditing for compliance. The GRC Analyst will stay current on leading security research, industry standards, and best practices.

Key Responsibilities

You will be responsible for adhering to all HealthStream security policies, procedures, and assigned training.
  • Advise on the implementation of security controls, risk assessment frameworks, and programs aligned to regulatory and management requirements, ensuring adoption of controls as well as identification and mitigation of gaps.
  • Revise/update policies, procedures, guidelines, controls, and processes based on audit findings, best practices, and/or compliance framework requirements.
  • Improve HealthStream's security positioning through cross-departmental process improvement, policy automation, and the continuous evolution of capabilities.
  • Develop risk registers, execute risk assessments, and implement response strategies as defined by the Risk Committees and cross-departmental SMEs.
  • Investigate information security risks and evaluate potential resolutions to be presented to leadership for implementation.
  • Perform auditing reviews monthly, quarterly, and annually (e.g., SOC 2, HITRUST, PCI DSS) as required to maintain compliance.
  • Translate and present security analyses, audit results, and control terminology, providing understandable and actionable guidance.
  • Facilitate third-party risk management processes by coordinating with vendors and internal stakeholders to assess appropriate documentation and support ongoing monitoring.
  • Review security access tickets and other requests sent to the GRC group.
  • Oversee crisis plan development, including regular training, testing, and documentation maintenance (e.g., Business Impact Analysis, Business Continuity Plans, Disaster Recovery Plans).
  • Produce and maintain information security awareness training for all corporate users as well as targeted groups.
  • Advise on customer-requested security questionnaires and attend client-requested meetings to provide documents and answer questions in real time.
  • Assess new and existing software for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention).
  • Adhere to HealthStream security policies and procedures as well as complete all required training.
  • Additional responsibilities as assigned.


Qualifications

Requirements
  • Bachelor's or graduate degree in Computer Science, Cybersecurity, or a related field AND 2-3 years' experience in a GRC role
  • Current security certifications (e.g., CGRC, Security+, CRISC) or willingness to obtain them within one year of assignment
  • Knowledge of information security management, governance, and compliance principles, practices, laws, rules, and regulations
  • Basic understanding of common security and privacy frameworks and regulations (e.g., ISO, COBIT, NIST, HIPAA, CCPA)
  • Familiarity with risk management practices (e.g., NIST RMF, CSF) and risk-based thinking
  • Experience documenting and optimizing processes using both technological as well as communication skills


Qualifications
  • Drive to achieve continuing professional development.
  • Able to quickly learn and apply knowledge to new situations.
  • Adept at understanding a variety of risk and compliance software management applications.
  • Can securely handle sensitive and confidential matters, situations, and data.
  • Experience working with diverse academic, cultural, and ethnic backgrounds.
  • Demonstrates professional level of written and verbal communication skills, including the ability to receive verbal direction and take necessary actions.
  • Has access to secure Internet connection and working area.
  • Demonstrate unwavering integrity and ethical judgement.
  • Accountable for successful completion of multiple, individually assigned projects.
  • Communicate effectively by contributing significantly to the development and delivery of a variety of written documents and presenting to all organization levels.
  • Manage a rapidly evolving environment and demonstrate adaptability by embracing change and adjusting priorities, processes, and approaches as needed.
  • Take ownership for successes and failures of project assignments and actively present suggestions for solution(s) if objectives are not met.
  • Coordinate and conduct cross-departmental meetings, gathering requirements in real time.

Compensation
  • The salary range for this position is $78,629 - $95,000. Salary will be determined on the candidate's level of experience and qualifications. Compensation will be commensurate with skills, relevant experience, and performance in similar roles.

Benefits

HealthStream offers a comprehensive benefits package to eligible employees, including:

  • Medical, Dental and Vision insurance
  • Paid Time Off
  • Parental Leave
  • 401k and Roth
  • Flexible Spending Account
  • Health Savings Account
  • Life Insurance
  • Short- and Long-Term Disability
  • Medical Bridge Insurance
  • Critical Illness Insurance
  • Accident Insurance
  • Identity Protection
  • Legal Protection
  • Pet Insurance
  • Employee Assistance Program
  • Fitness Reimbursement


Are you passionate about enhancing healthcare outcomes and empowering healthcare professionals? Join the HealthStream team and become a HealthStreamer! Together, we can make a difference in the world of healthcare.

Educational requirements:

  • high school
