Governance Risk & Compliance Analyst III
Job Description
The Governance Risk & Compliance Analyst III plays a critical role in Vatica’s Information Security Program. The primary responsibility for this role is to evaluate and assess cyber and data risk exposure based on Vatica’s security framework as well as healthcare regulatory requirements. Support the planning and implementation of information security controls across the organization. This entails continuously evaluating the IT control environment, assessing control appropriateness and effectiveness, determining information security risk, and providing consultative direction on the development of appropriate security measures to mitigate risk exposure.
As a key member of the Governance Risk & Compliance function, this role will be called upon to perform IT and security control risk assessments, provide direction and security control recommendations to mitigate risk, reduce risk exposure for business-as-usual and project engagements. In addition, the analyst will track remediation of any identified control gaps and deficiencies, analyze data for management reporting, and ensure all cyber and data security requirements are in place.
Responsibilities:
- Create monthly reporting by analyzing and reporting on the effectiveness of IT security controls and risk exposure.
- Assess and continuously monitor that all applicable regulatory requirements are met, and security controls are managed and maintained.
- Perform information security risk evaluations on reported IT issues.
- Advise and guide the business and IT partners on the appropriateness of security measures to mitigate risk and reduce risk exposure.
- Educate the business and IT partners on alterative security measures where security requirements are unable to be met.
- Track remediation plans through to successful implementation with the business and IT partners.
- Participate in IT initiatives as necessary to ensure security control measures are addressed and imbedded in business-as-usual activities prior to project completion.
- Develop information security processes and procedures and continuously improve security aspects of operating processes.
- Serve as the primary point of contact for external auditors.
Requirements
- A bachelor’s degree in computer science or technology/information security-related field or equivalent experience
- Minimum of four (4) years of direct experience in a GRC role where risk-based methodology is used.
- Certified in Risk and Information Systems Controls (CRISC) or equivalent.
- Certified Information Systems Auditor (CISA) is preferred.
- Experience responding to client security questionnaires.
- Strong understanding of ISO-27000 based security program functional areas and other commonly accepted standards (e.g., NIST, OWASP, CIS Benchmarks, Trust Services Principles)
- Familiarity of relevant healthcare regulatory requirements
- Knowledge of computer networking, operating systems, application development, cloud base solutions, and information security tools
- Robust understanding and proficiency with compliance and audit processes associated with major federal and industry regulations (e.g., HIPAA)
- Experience participating in a HITRUST R2 audit cycle.
- Strong understanding of policy, compliance, and best practice security principles
- Excellent analytical, decision-making, and problem-solving skills
- Exceptional communication skills, both verbally and in writing, to technical and non-technical audiences of various levels.
- Able to work independently with minimal guidance.
Competencies:
- Communicates Effectively
- Exchanging ideas, knowledge, and data so that the message is received and understood with clarity and purpose.
- Leverages emotional intelligence to adapt to the emotions and intentions of others.
- Decision Quality
- Demonstrates sound and timely decision making to maintain alignment with the needs of the company.
- Uses critical thinking with analysis, knowledge, and experience to make decisions.
- Plans and Aligns, Resourcefulness
- Plans and prioritizes work to meet the goals of the business.
- Breaks down objectives into plans and actions to achieve significant milestones.
- Anticipates and readily adjusts plans.
- Maintains organization of resources to support efficiency.
- Continually Reviews & Aligns Processes
- Ensures work and tasks are aligned to meet company priorities.
- Breaks down goals into actions with milestones.
- Readily adapts to new factors and pivots quickly.
- Situational Adaptability & Flexibility
- Adapts approach in real time to respond to different situations.
- Thinks quickly and readily adapts behavior in the moment.
- High level of versatility.
- Critical Thinking
- Desire to seek out, understand, and leverage innovative solutions.
- Able to process and analyze information to make sound decisions.
Benefits
WORKING AT VATICA HEALTH ADVANTAGES
Prosperity
- Competitive salary based on your experience and skills – we believe the top talent deserves the top dollar
- Bonus Potential (based on role and is discretionary) – if you go above and beyond, you should be rewarded
- 401k plans– we want to empower you to prepare for your future
- Room for growth and advancement- we love our employees and want to develop within
Good Health
- Comprehensive Medical, Dental, and Vision insurance plans
- Tax-free Dependent Care Account
- Life insurance, short-term, and long-term disability
Happiness
- Excellent PTO policy (everyone deserves a vacation now and then)
- Great work-life balance environment- We believe family comes first!
- Strong supportive teams- There is always a helping hand when you need it
The salary for a position is typically determined by multiple factors such as the individual's qualifications, experience, skills, and location. The projected compensation range for the position may vary based on these factors and could range from $80,000 to $100,000 (annualized USD). However, this estimate represents just one aspect of our total compensation package offered.
