Posted 3mo ago

Governance Risk & Compliance Analyst III

@ Vatica Health
United States
$80k-$100k/yr | Remote | Full Time
Responsibilities: Create reporting, Assess compliance, Advise stakeholders
Requirements Summary: Bachelor's in CS/tech security or equivalent; 4+ years in GRC; CRISC; CISA preferred; strong ISO-27000/NIST knowledge; healthcare regulatory familiarity; strong communication; independent work.
Technical Tools Mentioned: ISO-27000, NIST, HIPAA, CRISC, CISA
Job Description

The Governance Risk & Compliance Analyst III plays a critical role in Vatica's Information Security Program. The primary responsibility of this role is to evaluate and assess cyber and data risk exposure against Vatica's security framework as well as healthcare regulatory requirements. The role supports the planning and implementation of information security controls across the organization. This entails continuously evaluating the IT control environment, assessing control appropriateness and effectiveness, determining information security risk, and providing consultative direction on the development of appropriate security measures to mitigate risk exposure.

As a key member of the Governance Risk & Compliance function, this role will be called upon to perform IT and security control risk assessments, provide direction and security control recommendations to mitigate risk, and reduce risk exposure for business-as-usual and project engagements. In addition, the analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting, and ensure all cyber and data security requirements are in place.

Responsibilities:

  • Create monthly reporting by analyzing and reporting on the effectiveness of IT security controls and risk exposure.
  • Assess and continuously monitor that all applicable regulatory requirements are met, and that security controls are managed and maintained.
  • Perform information security risk evaluations on reported IT issues.
  • Advise and guide the business and IT partners on the appropriateness of security measures to mitigate risk and reduce risk exposure.
  • Educate the business and IT partners on alternative security measures where security requirements cannot be met.
  • Track remediation plans through to successful implementation with the business and IT partners.
  • Participate in IT initiatives as necessary to ensure security control measures are addressed and embedded in business-as-usual activities prior to project completion.
  • Develop information security processes and procedures and continuously improve the security aspects of operating processes.
  • Serve as the primary point of contact for external auditors.