Information Security GRC Analyst

Position Responsibilities may include, but not limited to

• Governance & Risk Management: Contribute to the ongoing development and maintenance of the GRC framework, policies, and procedures, ensuring alignment with regulatory requirements, privacy standards, and business objectives, particularly regarding PHI protection
• HITRUST Certification: Assist with the HITRUST certification process by gathering necessary documentation, participating in assessments, and ensuring that audits are up to date and complete
• Third-Party Risk Assessments: Aid in conducting third-party risk assessments, ensuring that vendors comply with required security and privacy regulations.
• Collaboration with Cross-Functional Teams: Collaborate with internal teams (e.g., Compliance, Legal, IT) to align risk management practices across the organization and support the overall governance strategy
• Risk Reporting & Analysis: Contribute to the identification and assessment of key risks, helping to produce reports that provide actionable insights
• Continuous Improvement: Stay up to date with industry trends, regulatory changes, and emerging risks to ensure that the company’s GRC practices remain effective and relevant
• Training & Awareness: Promote risk awareness within the organization and provide training and guidance on key regulations
• Oversee tools that highlight data classification inside of the enterprise
• Assist in monitoring security logs and daily activities for suspicious behavior and escalate incidents as necessary
• Assist with the drafting, reviewing, and updating of information security policies to ensure alignment with regulatory requirements and best practices for healthcare organizations
• Actively support the organization's incident response efforts, including assisting in the investigation, containment, and remediation of security incidents
• Be part of the on-call rotation for incident response, providing critical support during after-hours or emergency security incidents

Required Skills and Experience

• Proven experience (3+ years) in GRC or risk management, with a strong focus on governance and risk
• Hands-on experience supporting the management of HITRUST certification
• Strong understanding of risk management principles, frameworks, and methodologies (e.g., NIST, ISO 27001)
• Knowledge of regulatory compliance such as HIPAA, HITRUST, GDPR, CCPA, and PCI DSS
• Experience working with cross-functional teams to drive security and risk initiatives
• Experience in conducting or supporting third-party risk assessments, especially in relation to healthcare data security and privacy
• Excellent communication skills with the ability to explain complex risk and governance concepts to both technical and non-technical stakeholders
• Strong analytical and problem-solving skills
• Ability to work independently and manage multiple priorities in a fast-paced environment
• Strong organizational and time management skills
• Continuous drive to learn and grow professionally in the fields of GRC and information security

Preferred Skills and Experience

• Relevant certifications (e.g., Security+, CRISC, CISM, CISSP) 

Physical Requirements

• Repetitive motions that include the wrists, hands and/or fingers
• Sedentary work that primarily involves sitting, remaining in a stationary position for prolonged periods
• Visual perception to perform job including peripheral vision, depth perception, and the ability to adjust focus