
Governance Risk & Compliance Analyst III
Vatica Health
full-time
Location Type: Remote
Location: United States
Salary
💰 $80,000 - $100,000 per year
About the role
- Create monthly reports analyzing the effectiveness of IT security controls and risk exposure.
- Assess and continuously monitor that all applicable regulatory requirements are met, and security controls are managed and maintained.
- Perform information security risk evaluations on reported IT issues.
- Advise and guide the business and IT partners on the appropriateness of security measures to mitigate risk and reduce risk exposure.
- Educate the business and IT partners on alternative security measures where security requirements are unable to be met.
- Track remediation plans through to successful implementation with the business and IT partners.
- Participate in IT initiatives as necessary to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
- Develop information security processes and procedures and continuously improve security aspects of operating processes.
- Serve as the primary point of contact for external auditors.
Requirements
- A bachelor’s degree in computer science or technology/information security-related field or equivalent experience
- Minimum of four (4) years of direct experience in a GRC role where risk-based methodology is used.
- Certified in Risk and Information Systems Controls (CRISC) or equivalent.
- Certified Information Systems Auditor (CISA) is preferred.
- Experience responding to client security questionnaires.
- Strong understanding of ISO-27000-based security program functional areas and other commonly accepted standards (e.g., NIST, OWASP, CIS Benchmarks, Trust Services Principles)
- Familiarity with relevant healthcare regulatory requirements
- Knowledge of computer networking, operating systems, application development, cloud-based solutions, and information security tools
- Robust understanding and proficiency with compliance and audit processes associated with major federal and industry regulations (e.g., HIPAA)
- Experience participating in a HITRUST R2 audit cycle.
- Strong understanding of policy, compliance, and best practice security principles
- Excellent analytical, decision-making, and problem-solving skills
- Exceptional communication skills, both verbally and in writing, to technical and non-technical audiences of various levels.
- Able to work independently with minimal guidance.
Benefits
- Competitive salary based on your experience and skills – we believe the top talent deserves the top dollar
- Bonus Potential (based on role and is discretionary) – if you go above and beyond, you should be rewarded
- 401k plans – we want to empower you to prepare for your future
- Room for growth and advancement – we love our employees and want to develop within
- Comprehensive Medical, Dental, and Vision insurance plans
- Tax-free Dependent Care Account
- Life insurance, short-term, and long-term disability
- Excellent PTO policy (everyone deserves a vacation now and then)
- Great work-life balance environment – We believe family comes first!
- Strong supportive teams – There is always a helping hand when you need it
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
information security, risk evaluation, security controls, GRC methodology, ISO-27000, NIST, OWASP, CIS Benchmarks, cloud solutions, compliance processes
Soft Skills
analytical skills, decision-making, problem-solving, communication skills, independence, guidance, education, collaboration, advisory skills, tracking
Certifications
Certified in Risk and Information Systems Controls (CRISC), Certified Information Systems Auditor (CISA)