IT GRC Compliance & Audit Program Manager

Presbyterian Healthcare Services
1d | $95,389 - $149,365 | Onsite

About The Position

Build your Career. Make a Difference. Presbyterian is hiring a skilled GRC Compliance & Audit Specialist. The Information Technology Governance, Risk, and Compliance (ITGRC) Compliance and Audit Specialist will be a subject matter expert experienced in regulatory requirements, security framework standards, and industry best practices.

Requirements

  • A Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field required; an advanced degree is strongly preferred.
  • 5 years of experience in a combination of governance, risk management, information security and technology jobs.
  • 3+ years of experience in a risk management and/or IT audit support role.
  • Five-plus years of experience in a large (over 2,000 end users) healthcare IT enterprise preferred.
  • Experience working within an information security function using ISO 27000, NIST CSF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
  • Experience supporting SSAE 16 or SOC 2
  • Experience using ARCHER
  • Professional Information Security related certification such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or Certified Risk & Information Security Controls (CRISC) preferred or willing to obtain within the first year of employment.

Nice To Haves

  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISM (Certified Information Security Manager)
  • CISSP (Certified Information Systems Security Professional)

Responsibilities

  • The ITGRC Compliance and Audit Professional is responsible for the oversight and coordination of all IT audit activities both internal and external.
  • The role works closely with Compliance, Internal Audit and other departments in the coordination of planning, responding, and tracking assessment and audit activities related to both Information Security and Information Technology.
  • In addition, this role will support the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards.
  • The Compliance and Audit Specialist will collaborate with the CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management.
  • Other key activities of the ITGRC Compliance and Audit Professional include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured.
  • Responsible for identifying, tracking, and communicating federal, state, local and other pertinent regulatory requirements and regulatory changes impacting both the delivery system and the plan. Adapting industry trends for enterprise strategic, financial and IT solutions to senior executive leaders.
  • Supports the implementation of PHS information governance, risk, and compliance processes.
  • Manage the assessment and audit roadmap to support the internal and external assessments and audits required for both the delivery system and the plan.
  • Provides oversight for IT policies, procedures and standards.
  • Participates in the development and maintenance of policies, procedures, measures, and mechanisms to deliver GRC, and meet customer requirements.
  • Communicates internal and external assessment and audit findings to the CISO and IT Leadership, and supports and monitors ITGRC roadmap objectives in the development of an effective course of action and implementation of recommendations.
  • Maintains relationships with Legal Privacy, Internal Audit, Quality Regulatory, and Finance.

Benefits

  • All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.
  • Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in your personal well-being by participating in wellness activities like wellness challenges, webinars, preventive screenings and more.