GRC Analyst IV
Company: HCSC
Location: Waukegan
Posted on: March 16, 2023
Job Description:
At HCSC, we consider our employees the cornerstone of our
business and the foundation to our success. We enable employees to
craft their career with curated development plans that set their
learning path to a rewarding and fulfilling career.
Come join us and be part of a purpose-driven company that is
invested in your future!
Job Summary
Welcome to a team of caring and passionate people who work each day
to meet the needs of our members and clients. At Health Benefits (a
subsidiary of Health Care Service Corporation), you will be part of
an organization committed to offering custom services to
self-funded health benefits plans that manage costs - without
compromising benefits - by offering innovative solutions,
flexibility, transparency, and customer support.
Our IT team is growing and currently looking for a Sr Governance,
Risk & Compliance Analyst. In this role, you'll be responsible for
the daily execution, facilitation, and coordination of activities
for Health Benefits' Information Security Program. You'll conduct
risk management by evaluating current conditions, systems and
practices within IT and across the enterprise to inform the IS
Dashboard and as appropriate develop and maintain effective
practices to identify, document, isolate, deter, defend against
threats and orchestrate remediation efforts.
The role of the Sr GRC Analyst is to work with key business units
to drive the design, implementation, operation, and remediation
activities of industry accepted control frameworks (NIST CSF,
HITRUST, COBIT, etc.) in support of established policies, standards,
and regulatory requirements. In this role, you will provide
controls subject matter expertise, guidance, and internal
consultancy to business partners, including IT. You'll work closely
with IS leadership to help ensure the organization is applying the
appropriate security controls as determined by the IS strategy.
Responsibilities:
* Owns overall responsibility for Trustmark's InfoSec Compliance
Integrated Framework and ensuring that policies and processes are
aligned to the framework and meeting regulatory and contractual
requirements.
* Expertly reviews, analyzes, and makes recommendations for
information security risk; driving improvements to business and IT
operational processes. Includes research into current information
security and privacy best practices in the context of business and
IT processes, working with organization-wide groups to implement
critical risk reductions.
* Coordinates with external and internal auditors and system-wide
stakeholders, providing points of contact as well as facilitating
the creation and delivery of data call items and other forms of
evidence for efforts that carry substantial consequences of success
or failure. Ensures critical applications and supporting
infrastructure adhere to security policies and standards by
executing compliance checks and periodic reviews. Includes
maintaining compliance documentation, internal reporting, creation
of technical compliance controls, and gap assessment.
* Provides internal consultative and partnership support to IT and
other staff to develop secure processes and technology in
compliance with HIPAA, Centers for Medicare & Medicaid Services
(CMS) Information Security Acceptable Risk Safeguards (ARS), NIST
Cybersecurity Framework, and any other related programs.
* Leads and completes risk analysis for onsite, written, or
verbal assessments, with the assistance of the business, ensuring
consistent execution.
* Owns, liaises, coordinates and engages with external and internal
stakeholders on all IT audit and security assessment activities,
and ensures facilitation with all stakeholders on the preparation
and presentation of appropriate examination materials.
* Creates and drives the format for the consultation to IT and
technology service owners with gold standard technical baselining,
including but not limited to NIST CSF security framework.
* Provides thought leadership on topics and key issues for
information security awareness.
* Collaborates across IT departments to identify, administer,
analyze, and solve critical security problems, as well as
operationalize lessons learned into existing or new technological
controls, solutions, processes, procedures, knowledge articles.
* Provides in-depth subject matter expertise regarding regulatory
efforts, technology compliance requirements and alignment of work
being done by other Trustmark projects and teams with InfoSec
policies and controls.
* Is the primary security resource that plays a key collaborative,
influencing and consultative role in system, network and data
protection and secure system engineering lifecycle.
* Applies knowledge and skills in their own discipline to complete
a wide range of tasks. Identifies key issues from conflicting or
partial information.
* Serves as point of contact to solve complex problems by means of
systematic and disciplined troubleshooting.
* Guides security administrators, analysts and IT staff in the
resolution of complex security incidents.
* Helps lead security investigations as incident response
coordinator.
* Provides thought leadership on information security operations
and best practices
* Strong intellectual curiosity
* Bachelor's Degree and 6+ years of related experience OR High
School Diploma/GED with 8+ years of related experience.
* Knowledge of HIPAA, NYDFS Cybersecurity Rule, and other federal
and state security laws.
* Strong, effective communication skills, both verbal and
written
* Ability to interact with and present to senior leaders both in IT
and across the organization
* Prior experience with program/project planning, development, and
management methodologies
* Certifications such as CISSP, CRISC, CISA, SANS, CTPRP/CTPRA,
etc. preferred
Are you being referred to one of our roles? If so, ask your
connection at HCSC about our Employee Referral process!
HCSC Employment Statement:
HCSC is committed to diversity in the workplace and to providing
equal opportunity and affirmative action to employees and
applicants. We are an Equal Opportunity Employment / Affirmative
Action employer dedicated to workforce diversity and a drug-free
and smoke-free workplace. Drug screening and background
investigation are required, as allowed by law. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
national origin, disability, or protected veteran status.