Information Security GRC Analyst III

About The Position

Requirements

• Bachelor Degree or equivalent years of relevant work experience required
• Minimum of seven (7) years of relevant work experience is required
• Ability to effectively prioritize and execute tasks while working both independently and in a team-oriented, collaborative environment
• Strong interpersonal skills including excellent written and verbal communication skills; listening and critical thinking; presentation skills, facilitation skills
• Ability to establish effective working relationships with stakeholders at all different levels
• Flexibility during organizational and/or business changes
• Ability to manage multiple projects while demonstrating a sense of urgency
• Effective problem-solving skills with attention to detail
• Working technical knowledge/experience of the following: IT Audit
• Application, server, and network security
• Monitoring security events and supporting incident response activities
• Sarbanes-Oxley (SOX) compliance
• Microsoft Office
• Access Management/Authentication and Authorization
• Scurity Monitoring
• Data Enryption
• Computer Networking Security
• Internet protocols (SSL, IPSEC, TCP/IP)
• Windows Operating System
• Project Management

Nice To Haves

• Certified in Risk and Information System Control (CRISC) or System Security Certified Practitioner (SSCP) preferred

Responsibilities

• Measure, monitor, and report on information security risks
• Review and report on vendor/third party risk to support vendor risk management activities
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews
• Monitor and report on information security risk mitigation plans to ensure timely execution
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities with regard to information security risk management
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
• Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with Enterprise Risk Management policies and guidance
• Contribute and provide input to the development of operational department goals
• Acts as technical expert in functional domain
• Recommends technical advancements to improve CareSource customer and partner experiences
• Perform any other job related instructions as requested

Benefits

• bonus tied to company and individual performance
• substantial and comprehensive total rewards package