Security Compliance Analyst - Contract to Hire #2108

Remote - USA /
Computer Science and Software Engineering – Security /
GRAIL is a healthcare company whose mission is to detect cancer early, when it can be cured. GRAIL is focused on alleviating the global burden of cancer by developing pioneering technology to detect and identify multiple deadly cancer types early. The company is using the power of next-generation sequencing, population-scale clinical studies, and state-of-the-art computer science and data science to enhance the scientific understanding of cancer biology, and to develop its multi-cancer early detection blood test. GRAIL is headquartered in Menlo Park, CA with locations in Washington, D.C., North Carolina, and the United Kingdom. GRAIL, LLC is a wholly-owned subsidiary of Illumina, Inc. (NASDAQ:ILMN). For more information, please visit

As a Security Compliance Analyst on the GRAIL Security team, you'll be focused on the implementation and delivery of compliance initiatives, including but not limited to SOC 2, ISO 27001, PCI and HIPAA programs and projects. Your work will be a key component in helping GRAIL build effective and compliant systems and infrastructure, ensuring successful completion of audits and helping secure GRAIL's assets.

Responsibilities:
    • Assist with periodic compliance audits, facilitate risk assessments and conduct related ongoing compliance monitoring activities to ensure that processes and systems remain compliant
    • Help support remediation/implementation activities for compliance gaps
    • Assist with external security audits, such as ISO 27001, HIPAA, SOC 2, PCI and HITRUST
    • Resolve security policy and control issues and drive feedback from internal stakeholders, external auditors and customers
    • Serve as an SME to help translate compliance requirements to technical/non-technical implementations
    • Serve as a key resource for identifying cross functional stakeholders for compliance projects
    • Collaborate with various teams in completing assessments
    • Help compile compliance and risk data points for management and assist in summarizing them for strategic guidance
    • Review and synthesize compliance requirements and identify gaps in policies and compliance-related documentation
    • Draft, review, and propose new/updates to security policies as needed
    • Assist in further improving third party risk assessment process
    • Assist with other GRC activities as needed

Minimum qualifications:

    • Bachelor's degree in Computer Science, Information Systems, Cyber Security or another related field
    • Three or more years of direct work experience in compliance and security
    • Practical knowledge of one or more control frameworks, such as ISO 27001, SOC 2 or PCI
    • Excellent organizational and relationship management skills
    • Strong interest in IT/Cloud Security
    • Strong project management, critical thinking and analytical skills
    • Excellent verbal and written communication skills, with the ability to present critical issues to a wide audience at different levels of the organization
    • Able to handle ambiguity and collaborate effectively in order to provide clarity in implementing compliance/security solutions

Preferred qualifications:

    • 3+ years of professional work experience in compliance programs, risk and audit
    • Experience leading external audits
    • Experience in the Biotechnology industry
    • Familiarity/understanding of AWS security tools
    • Proficiency with project management and collaboration tools such as JIRA, Confluence and Slack

GRAIL is an Equal Employment Opportunity and Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status. We will reasonably accommodate all individuals with disabilities so that they can participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. Please contact us to request accommodation.

Following extensive monitoring, research, consideration of business implications, and advice from internal and external experts, GRAIL has made the decision to require all U.S. employees receive the COVID-19 vaccines as a condition of employment. “Full vaccination” is defined as two weeks after both doses of a two-dose vaccine or two weeks since a single-dose vaccine has been administered. Anyone unable to be vaccinated, either because of a sincerely held religious belief or a medical condition or disability that prevents them from being vaccinated, can request a reasonable accommodation.