GRC Analyst II

Sorry, this job was removed at 01:48 p.m. (CST) on Monday, Jan 20, 2025
Peerless, MT
In-Office
73K-110K Annually
Healthtech • Pharmaceutical
The Role

Building Location: Peerless Building

Department: 47530 Information Security

Job Description:
Job Title: GRC Analyst II (Governance, Risk, and Compliance Analyst II)
Reports to: GRC Manager

Job Summary

The GRC Analyst II is responsible for supporting the organization's governance, risk management, and compliance initiatives. This role involves conducting regulatory compliance audits, performing third-party risk management assessments, reviewing internal and external IT systems for control gaps, managing the risk registry, developing information security policies and procedures, and collaborating with internal and external partners to mitigate security vulnerabilities and other risks.

Key Responsibilities
Regulatory Compliance Audits: Conduct thorough audits to ensure the organization complies with relevant laws, regulations, and industry standards (e.g., HIPAA, GDPR, ISO 27001).
Third-Party Risk Management Assessments: Evaluate and monitor third-party vendors and partners to identify and mitigate potential risks associated with their services.
Control Gap Analysis: Review internal and external IT systems to identify control gaps and recommend solutions to strengthen security posture.
Risk Registry Management: Maintain and update the organization's risk registry, tracking identified risks, mitigation plans, and status updates.
Policy Development: Assist in creating and updating information security policies and procedures to align with best practices and regulatory requirements.
Risk Mitigation Communication: Collaborate with internal teams and external partners to communicate identified risks and coordinate mitigation strategies for security vulnerabilities.
Documentation and Reporting: Prepare detailed reports on audit findings, risk assessments, and compliance status for management review.
Stakeholder Collaboration: Work closely with IT, legal, and business units to ensure alignment of GRC objectives and practices.
Security Awareness: Support the development and delivery of organizational security awareness programs to educate employees on security policies and best practices.
Continuous Improvement: Stay informed about the latest trends and developments in governance, risk management, and compliance to enhance the organization's GRC programs.




Required Qualifications
Minimum of 3-5 years of experience in governance, risk, and compliance roles.
Strong knowledge of regulatory compliance requirements and industry standards relevant to the organization.
Experience conducting audits, risk assessments, and control gap analyses.
Familiarity with risk management frameworks (e.g., ISO 31000, NIST).
Excellent analytical, problem-solving, and organizational skills.
Strong communication skills, both written and verbal, with the ability to convey complex information clearly.
Ability to work collaboratively with cross-functional teams and manage multiple priorities.

Preferred Qualifications
Bachelor's degree in Information Security, Computer Science, Business Administration, or a related field.
Relevant certifications such as CISA, CRISC, or CompTIA Security+ are preferred.
Experience in vulnerability management and understanding of common security vulnerabilities and remediation techniques.
Prior experience in developing and implementing security policies and procedures.
Healthcare IT Experience: Experience working in the healthcare industry, with a strong understanding of HIPAA compliance, electronic health record (EHR) systems, and the unique security challenges in healthcare environments.
Proficiency in using GRC tools and software applications.

Education Qualifications:

Bachelor's degree in information technology, information security, or relevant field of study and 2 years of experience in information security or as a server, desktop or network analyst

OR

Associate's degree in information technology, information security, or relevant field and a minimum of 4 years' experience in information security or as a server, desktop or network analyst

OR

A minimum of 6 years' experience in information security, or as a server, desktop or network analyst

Licensure/Certification Qualifications:


FTE: 1

Possible Remote/Hybrid Option:

Remote

Shift Rotation: Day Rotation (United States of America)

Shift Start Time: 8:00

Shift End Time: 4:30

Weekends: None

Holidays: No

Call Obligation: No

Union:

Union Posting Deadline:

Compensation Range:

$73,299.20 - $109,948.80

Employee Benefits at Essentia Health*:

  • Health Coverage: Medical, dental, vision, life and disability insurance, plus supplemental health benefit options to ensure employees' well-being.

  • Retirement Savings Plans: 401(k) with employer contributions to support long-term financial security.

  • Professional Development: Opportunities for career growth through training, tuition reimbursement, and educational programs.

  • Work-Life Balance: Flexible scheduling, time off, holidays, and personal leave to help employees manage their professional and personal lives.

  • Employee Wellness Programs: Initiatives focused on physical, mental, and emotional health, including fitness memberships, counseling services, and wellness activities.

*Eligibility for Essentia Health’s benefit programs varies. Please refer to the benefit summary provided to you, or contact our HR Service Center at (218) 576-0000 for more information.

The Company
Brainerd, MN
7,020 Employees

What We Do

Essentia Health is an integrated health system serving patients in Minnesota, Wisconsin, and North Dakota.

Headquartered in Duluth, Minnesota, Essentia Health combines the strengths and talents of more than 15,000 employees, including more than 2,200 physicians and advanced practitioners, who serve our patients and communities through the mission of being called to make a healthy difference in people’s lives.

Essentia Health, which includes many Catholic facilities, is guided by the values of Quality, Hospitality, Respect, Joy, Justice, Stewardship, and Teamwork. The organization lives out its mission by having a patient-centered focus at 14 hospitals, 78 clinics, six long-term care facilities, six assisted living and independent living facilities, six ambulance services, 24 retail pharmacies, and one research institute.
