
Job Description


GRC

18-04-2024 11:20:20

7 - 10 years

  • Chennai, Tamil Nadu, India (CHN)

Senior GRC Analyst

Governance Activities

●Performs policy reviews aligned to common cyber security frameworks.

●Identifies and evaluates complex business and technology risks, internal controls that mitigate risks, and related opportunities for internal control improvement relative to established policies, procedures, regulations and cyber security frameworks (HIPAA, HITRUST).

●Monitors and identifies the broader impact of current decisions related to policies, implemented controls and projected needs as the security environment changes over time.

●Executes on regular/annual risk assessments (meaningful use, NIST CSF, HITRUST). Maintains an accurate record of the current state of the governance program.

●Responsible for the third-party risk management program. Should have experience in artifact verification and response preparation aligned to the HITRUST and NIST CSF frameworks.

●Executes on third-party risk assessments and maintains a prioritized inventory of approved vendors with an associated recertification schedule.

●Experience in facing external audits (HIPAA, SOC, etc.)


Awareness Activities

●Responsible for the enterprise information security training program inclusive of end-user, executive and information security staff.

●Should have experience in conducting phishing campaigns.

Business Strategy/Personnel Management

●Envisions business outcomes and facilitates alignment with them

●Aligns information security governance and awareness processes across the organization, and develops and documents standards for organizational use

●Supports the Assurance Director with managing Assurance and Governance activities

●Strives to remove barriers and works across cross-functional teams to deliver a unified strategy across the business

●Manages day-to-day tasks within the scope of the functions detailed in this job description (vendor, auditor, employee, reporting and other associated interactions).


Other Responsibilities

●Fosters an understanding of the need for and application of the information security governance program, and facilitates decision making with the business users

●Builds and nurtures positive working relationships with business units



Business Acumen:

•Strong oral and written communication skills

•Is passionate about their subject-matter area of expertise

•Can translate security-related matters into business terms that are clear and understandable to executives

•Can deliver under tight deadlines

•Thinks outside the box when designing systems and solutions

•Able to navigate a demanding and high-pressure environment

•Excellent presentation skills

•Can think strategically and incorporate business needs into technical roadmaps – forward thinking

•Strong problem-solving and troubleshooting skills

•Can manage projects and execute on those objectives.

•Excellent SharePoint/Teams collaboration skills across internal affiliated audiences