Governance, Risk and Compliance Analyst Intermediate

ID: 2025-35749
Location: ITS Building
Work Location: US-NC-Greensboro
Division Name: System Wide
Department Name: SW-ITS SECUR ACCESS MGMT
Category: ITS
Position Sub-Category: INFORMATION SYSTEMS
Position Type: Full Time (40 hours/week)
Employment Type: Employee
Exempt/NonExempt: Exempt
FTE: 1.00
Workforce Status: Fully Remote
Work Hours: 40.00
Provider Schedule (specific schedule): Standard
On call Required: Yes
Sub Category: Information Systems

Overview

The Governance, Risk & Compliance (GRC) Analyst - Intermediate will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving cybersecurity risk. This includes helping the organization manage HITRUST, HIPAA and NIST Common Security Framework (CSF) audits and attestations. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI-DSS, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to managing the organization's IT compliance program.

Responsibilities


Lead the execution and reporting of outcomes derived from Third Party Risk Assessments.
Manage the completion of risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST and HITRUST standards.
Manage and monitor a central repository for all security risks and audit evidence.
Maintain security standards, policies, and practices on an annual basis to make sure they meet organizational and regulatory requirements.
Manage a security awareness training program in order to educate associates about security compliance standards, risk management practices, and ethical behavior.
Collaborate with legal and compliance teams to ensure policies and security controls align with regulatory requirements.
Conduct internal audits to assess the effectiveness of security controls and identify areas for improvement.
Perform other duties as assigned.

Qualifications


EDUCATION:
Required: Bachelor's Degree and/or equivalent experience

EXPERIENCE:
Required: 5 years

LICENSURE/CERTIFICATION/REGISTRY/LISTING:
Required: Certified Information Systems Auditor (CISA) - Obtain within 12 months.
