Governance Risk and Compliance Specialist

About The Position

Requirements

• Associate’s degree and one (1) year of progressively responsible experience in IT or cybersecurity roles or three (3) years of progressively responsible experience in IT or cybersecurity roles.
• Familiarity with basic cybersecurity risk concepts and tools.

Nice To Haves

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Three (3) years of progressively responsible experience in security governance, risk, or audit focused roles.
• CompTIA Security+ or equivalent cybersecurity certification.
• Practical experience with ERM tools and third-party risk management.
• Exposure to Business Continuity Planning, Disaster Recovery Planning, Business Impact Assessments and Continuity of Operations Plan (COOP) in a healthcare setting.
• Exposure to healthcare and education security frameworks (NIST, HIPAA, HITRUST, GLBA).

Responsibilities

• Participate in the development and maintenance of the organization's risk register.
• Assist in conducting basic risk assessments to identify potential threats and vulnerabilities.
• Contribute to third-party risk management by supporting vendor assessments and evaluations.
• Help in tracking and documenting remediation efforts for identified risks.
• Participate in security auditing processes under the guidance of senior staff.
• Assist in analyzing the risk associated with new applications and provide input for approvals.
• Support the maintenance of compliance documentation and reports.
• Contribute to security awareness initiatives within the organization.
• Assist in ensuring compliance with relevant regulations and standards.
• Support senior GRC team members in various GRC projects and tasks.
• Effectively communicate with team members to understand and support GRC initiatives.
• Demonstrate basic knowledge of security procedures and document activities accurately.
• Participate in team meetings, contributing insights on GRC matters.
• Develop foundational skills in interpreting and adhering to security policies.
• Exhibit a proactive approach to learning and understanding GRC best practices.
• Demonstrate strong analytical and problem-solving skills.
• Support the development, implementation, and maintenance of a comprehensive business continuity and disaster recovery plan to ensure uninterrupted delivery of critical healthcare services during emergencies.
• Help with Business Impact Assessments (BIAs) to aid in prioritizing recovery strategies for our systems.
• Assist the clinical and administrative teams to design and test BCP and DR procedures that comply with HIPPA regulations and related healthcare industry standards through disaster recovery drills and table top exercises.
• Support training and awareness programs for staff on business continuity protocols and their roles in maintaining operational awareness.
• Show exceptional attention to detail.