Seeking an Advanced Security Analyst who will be responsible for maintaining Governance, Risk, and Compliance functions as they relate to Cybersecurity in the Health System network.
This position will assist in ensuring all defined enterprise and end user security strategies, profiles, and security guidelines are followed. Areas of focus include establishing and updating corporate GRC policies; serving as a DLP subject matter expert within the organization; collaborating on the DLP rule development lifecycle, including policy development, response rules, and maintenance; tracking discovered findings to ensure they are remediated or accepted by the business; deriving metrics from GRC activities for distribution to various audiences; regularly monitoring organizational cyber risks; and assisting in necessary aspects of external audits/reviews.
The position will have a hybrid schedule.
Minimum Experience Required:
Three (3) years of progressively responsible IT/Compliance work experience with a focus in GRC required
3+ years of expertise conducting HIPAA audits/assessments, as well as handling audit responses
Knowledge of technical infrastructure, networks, databases and systems in relation to IT Security and IT Risk
Thorough understanding of international regulatory frameworks like NIST, ISO, HIPAA, HITRUST, PCI DSS, and GDPR
Familiarity with existing and emerging cloud technology services and concepts
Experience supporting complex incidents such as insider risk, corporate espionage, data exfiltration, or other cybercrimes
Experience working with other stakeholders to link corporate IT, procurement, and privacy departments with GRC objectives
Strong analytical and problem-solving skills coupled with great attention to detail required
Strong knowledge of security technologies and solutions required
Experience managing security events/incidents/projects as part of a GRC team
Expert analytical and problem-solving skills coupled with great attention to detail. Ability to resolve complex problems and to proactively monitor and pursue improvement in applicable processes, technology and systems, and policies
Advanced expertise in security technologies and solutions and the ability to identify any gaps in capabilities of various security solutions with security frameworks
Certifications/Registration Requirements:
GSEC, SSCP, CISA, CISM, CISSP, or other industry certification preferred