Info Sec GRC Analyst III

Job Summary:

The Information Security GRC Analyst III managed day to day, short and long term information security risks and ensures activities are within risk tolerance and in compliance with approved risk management policies, procedures and limits.

Essential Functions:

• Measure, monitor, and report on information security risks 
• Review and report on vendor/third party risk to support vendor risk management activities
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews
• Monitor and report on information security risk mitigation plans to ensure timely execution
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities with regard to information security risk management
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
• Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with  Enterprise Risk Management policies and guidance
• Contribute and provide input to the development of operational department goals
• Acts as technical expert in functional domain
• Recommends technical advancements to improve CareSource customer and partner experiences
• Perform any other job related instructions as requested

Education and Experience:

• Bachelor Degree or equivalent years of relevant work experience required
• Minimum of seven (7) years of relevant work experience is required

Competencies, Knowledge and Skills:

• Ability to effectively prioritize and execute tasks while working both independently and in a team-oriented, collaborative environment
• Strong interpersonal skills including excellent written and verbal communication skills; listening and critical thinking; presentation skills, facilitation skills
• Ability to establish effective working relationships with stakeholders at all different levels
• Flexibility during organizational and/or business changes
• Ability to manage multiple projects while demonstrating a sense of urgency
• Effective problem-solving skills with attention to detail
• Working technical knowledge/experience of the following:
  • IT Audit
  • Application, server, and network security
  • Monitoring security events and supporting incident response activities
  • Sarbanes-Oxley (SOX) compliance
  • Microsoft Office
  • Access Management/Authentication and Authorization
  • Scurity Monitoring
  • Data Enryption
  • Computer Networking
  • Security Internet protocols (SSL, IPSEC, TCP/IP)
  • Windows Operating System
  • Project Management

Licensure and Certification:

• Certified in Risk and Information System Control (CRISC) or System Security Certified Practitioner (SSCP) preferred

Working Conditions:

• General office environment; may be required to sit or stand for extended periods of time

Compensation Range:

$92,300.00 - $161,600.00

CareSource takes into consideration a combination of a candidate’s education, training, and experience as well as the position’s scope and complexity, the discretion and latitude required for the role, and other external and internal data when establishing a salary level. We are highly invested in every employee’s total well-being and offer a substantial and comprehensive total rewards package.

Compensation Type (hourly/salary):

Salary

Organization Level Competencies

• Create an Inclusive Environment

• Cultivate Partnerships

• Develop Self and Others

• Drive Execution

• Influence Others

• Pursue Personal Excellence

• Understand the Business

This job description is not all inclusive. CareSource reserves the right to amend this job description at any time. CareSource is an Equal Opportunity Employer. We are dedicated to fostering an inclusive environment that welcomes and supports individuals of all backgrounds.