Identify Security on TwitterIdentify Security on FacebookIdentify Security on LinkedImIdentify Security Blog RSS Feed

Sr. GRC Analyst

Our client is seeking a Senior Governance, Risk, and Compliance (GRC) Analyst (SGRCA) to join our Information Security team. The SGRCA works autonomously to support internal and external audits, third party risk management, attestation activities, and contract support as required by common compliance frameworks, law and/or regulation.

Required Experience:

3

+ Years
Job Locations:

Kansas City, MO / Dallas, TX

Location Restrictions:

Onsite

Basic Qualifications and

This role also supports the company’s ability to provide global services through direct oversight of third party certification audits and assessments that are necessary to independently assess the maturity of MedeAnalytics’ security posture.

Reporting to the Chief Security Officer, the ideal candidate must possess a solid knowledge base of common compliance frameworks and internal control application across common business processes, technologies, and security considerations.  He/she must possess strong interpersonal and communication skills as a key part of this position, and will be working closely with business and functional leaders as well as external partners and clients.

Responsibilities
  • Lead the evaluation of compliance risks and processes in complex information system environments to ensure appropriate controls exist, efficiency and accuracy with processes exist, and information system procedures comply with corporate policies and standards.
  • Lead the client audit engagement process by identifying requirements, coordinating schedules, communicating deliverables, tracking progress and delivering successful results.
  • Manage the third party risk assessment process to ensure that the client acquires and/or maintains required certifications (e.g., ISO27001/2, SOC 1 & 2, HITRUST, GDPR, NIST, HIPAA, FISMA, etc.).
  • Work across multiple business units in a timely manner to develop response materials and action plans to address any anticipated or identified audit/assessment findings.
  • Ensure findings and remediation efforts are tracked in the company’s GRC platform.
  • Coordinate resources to support operational needs and build strong relationships with internal business and technology partners to implement and support team initiatives.
  • Provide input into the development of policies, standards, procedures and guidelines in adherence with all applicable laws, regulatory frameworks, or client contractual requirements.
  • Conduct training, as necessary, to address a variety of compliance, technical and procedural requirements.
  • Provide metrics on the effectiveness of team operations to the Chief Security Officer.
  • Works directly with Business Units to build security Governance, Risk and Compliance context for stakeholders across the organization, third party partners, and clients.
  • Ensures business unit understanding and compliance with Security Policies and Frameworks.
  • Articulates impact of observations in order to lead, coordinate, support, and monitor delivery of product/services to ensure compliance with laws, rules, regulations and guidelines.
  • Performs activities to measure and monitor compliance with compliance frameworks, company policies and procedure; provides reports to Chief Security Officer.
  • Assists in the analysis and definition of security requirements.
  • Leads internal and external certification and audit events, including discovery, delivery, management response, and remediation activities and prepares assessment summary reports.
  • Leads activities to support certification efforts and perform regulation and standard gap analysis.
  • Collaborates effectively with information technology and application development teams and members of management to solve problems and resolve disagreement with informed, rational debate.
  • Completes third-party assessment questionnaires.
  • Deep knowledge of current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy.
  • Contributes to the continuous improvement and optimization of processes for existing and new security initiatives.
  • Sustains job knowledge by tracking and understanding emerging security practices and standards, participating in educational opportunities, reading professional publications, maintaining personal networks, participating in professional organizations.
  • Perform other miscellaneous duties as assigned.

Required Skills and Experience
  • B.S. in Computer Science, Information Security, Information Technology, related degree or equivalent work experience.
  • Minimum 3 years of relevant experience in Information Security Governance, Risk and Compliance Information Security or IT Audit.
  • Certification or advanced skill in compliance, information security, audit, or related domains (e.g., CISA, CIPP, CISSP, CRISC, etc.) is required.
  • Deep understanding of common compliance frameworks and data privacy/security regulations (e.g., ISO27001/2, SOC 1 & 2, HITRUST, GDPR, NIST, HIPAA, FISMA, etc.).
  • Professional services, consulting or other client-facing experience in an audit\governance setting is preferred.
  • Experience with data analysis processes and tools is preferred.
  • Experience working with enterprise GRC platforms is preferred.
  • Requires availability to work in a 24/7 environment with overtime hours required.
  • Must be able to pass a background check.
  • Must be qualified to work in the U.S.

Interested in this position?
Fill out the form below!