Governance Risk & Compliance Analyst III

Vatica Health
$80,000 - $100,000

About The Position

The Governance Risk & Compliance Analyst III plays a critical role in Vatica’s Information Security Program. The primary responsibility for this role is to evaluate and assess cyber and data risk exposure based on Vatica’s security framework as well as healthcare regulatory requirements. The role also supports the planning and implementation of information security controls across the organization. This entails continuously evaluating the IT control environment, assessing control appropriateness and effectiveness, determining information security risk, and providing consultative direction on the development of appropriate security measures to mitigate risk exposure. As a key member of the Governance Risk & Compliance function, this role will be called upon to perform IT and security control risk assessments and to provide direction and security control recommendations that mitigate risk and reduce risk exposure for business-as-usual and project engagements. In addition, the analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting, and ensure all cyber and data security requirements are in place.

Requirements

  • A bachelor’s degree in computer science or technology/information security-related field or equivalent experience
  • Minimum of four (4) years of direct experience in a GRC role where risk-based methodology is used.
  • Certified in Risk and Information Systems Controls (CRISC) or equivalent.
  • Certified Information Systems Auditor (CISA) is preferred.
  • Experience responding to client security questionnaires.
  • Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g., NIST, OWASP, CIS Benchmarks, Trust Services Principles)
  • Familiarity with relevant healthcare regulatory requirements
  • Knowledge of computer networking, operating systems, application development, cloud-based solutions, and information security tools
  • Robust understanding and proficiency with compliance and audit processes associated with major federal and industry regulations (e.g., HIPAA)
  • Experience participating in a HITRUST R2 audit cycle.
  • Strong understanding of policy, compliance, and best practice security principles
  • Excellent analytical, decision-making, and problem-solving skills
  • Exceptional communication skills, both verbally and in writing, to technical and non-technical audiences of various levels.
  • Able to work independently with minimal guidance.

Nice To Haves

  • Certified Information Systems Auditor (CISA) is preferred.

Responsibilities

  • Create monthly reporting by analyzing and reporting on the effectiveness of IT security controls and risk exposure.
  • Assess and continuously monitor that all applicable regulatory requirements are met, and security controls are managed and maintained.
  • Perform information security risk evaluations on reported IT issues.
  • Advise and guide the business and IT partners on the appropriateness of security measures to mitigate risk and reduce risk exposure.
  • Educate the business and IT partners on alternative security measures where security requirements are unable to be met.
  • Track remediation plans through to successful implementation with the business and IT partners.
  • Participate in IT initiatives as necessary to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
  • Develop information security processes and procedures and continuously improve security aspects of operating processes.
  • Serve as the primary point of contact for external auditors.

Benefits

  • Competitive salary based on your experience and skills – we believe the top talent deserves the top dollar
  • Bonus Potential (based on role and is discretionary) – if you go above and beyond, you should be rewarded
  • 401k plans – we want to empower you to prepare for your future
  • Room for growth and advancement – we love our employees and want to develop within
  • Comprehensive Medical, Dental, and Vision insurance plans
  • Tax-free Dependent Care Account
  • Life insurance, short-term, and long-term disability
  • Excellent PTO policy (everyone deserves a vacation now and then)
  • Great work-life balance environment – we believe family comes first!
  • Strong supportive teams – there is always a helping hand when you need it