Lead IT Security GRC Analyst

About The Position

Requirements

• Bachelor's degree
• Minimum of three (3) years of experience in information security governance, risk, and compliance and AI security and data privacy governance and controls implementation
• Familiarity with industry standards and regulations including PCI, HIPAA, NIST, HITRUST, and IS0 27007
• Demonstrated interpersonal, verbal, and written communication skills
• Working knowledge of and experience in the policy and regulatory environment of information security, especially in healthcare is preferred
• Demonstrated entrepreneurial spirit, humility, and comfort working in and contributing to a dynamic and cross-functional team environment
• Keep constantly updating job knowledge by participating in educational opportunities; reading professional publications; maintaining personal networks; participating in professional organizations

Nice To Haves

• CISSP, CISM, CISA, CRISC certifications or like preferred

Responsibilities

• Lead security risk management efforts.
• Contribute to the development of the organization's overall security strategy and provide strategic input for security initiatives and projects
• Lead and mentor a team of GRC security professionals
• Develop security awareness materials and manage phishing simulation
• Anticipate security threats that generate alerts, incidents, and disasters and recommend controls to reduce their likelihood
• Develop, implement, and maintain risk mitigation strategies and action plans with key stakeholders
• Monitor and report on risk metrics and trends.
• Prepare reports that document security incidents and breaches and the extent of the damage caused by the breaches
• Collaborate with the Compliance Department to ensure Monogram Health’s compliance with relevant laws, regulations, certifications, assessments, and industry standards
• Facilitate third-party security assessments and audits, such as HIPAA security risk assessments and HITRUST assessments.
• Assess, manage, maintain, and enhance the third-party vendor risk management program and ensure third-party compliance with security standards
• Collaborate with other departments to integrate security into business processes
• Identify and implement continuous improvement initiatives within the security GRC function to enhance security posture
• Stay informed about industry trends and best practices.
• Assist in incidents and security breaches to determine root causes
• Lead annual policies and procedures reviews and updates

Benefits

• Comprehensive Benefits - Medical, dental, and vision insurance, employee assistance program, employer-paid and voluntary life insurance, disability insurance, plus health and flexible spending accounts
• Financial & Retirement Support – Competitive compensation, 401k with employer match, and financial wellness resources
• Time Off & Leave – Paid holidays, flexible vacation time/PSSL, and paid parental leave
• Wellness & Growth – Work life assistance resources, physical wellness perks, mental health support, employee referral program, and BenefitHub for employee discounts