Information Security Governance-Risk-Compliance Analyst

Job Location

Albuquerque, NM - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Overview

Presbyterian is seeking an Information Security Governance-Risk-Compliance Analyst!


The Information Security Governance-Risk-Compliance Analyst is responsible for the oversight and coordination of various cybersecurity risk management activities focused on identifying, assessing, managing, and mitigating risks. Subject matter expert experienced in regulatory requirements, security framework standards, security operations and controls, and industry best practices.
The role works closely with Compliance, Internal Audit, and other Departmental Leaders in the coordination of planning, prioritization, tracking, and remediation of cyber risks, assessment and audit findings, supply chain risk, and operational risk. Works closely with technology and security leaders and subject matter experts to coordinate, review, and catalogue responses. Coordinates with Compliance and Internal Audit to further the planning, response, and cataloguing of assessment and audit activities related to both Information Security and Information Technology.
Supports the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, and organizational policies and standards. Collaborates with the GRC Director and CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program, and risk register management. Other key activities will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured.


We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that empowers employees. And we provide the opportunity to grow from entry-level to the most senior positions.


Why Join Us

  • Full Time - Exempt: Yes
  • Job is based at Rev Hugh Cooper Admin Center
  • Work hours: Weekday Schedule Monday-Friday
  • Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement, and more for FT employees.

Qualifications

  • Bachelor's degree in Information Security, Computer Science, Information Management Systems, or related field desired; or 6 years of relevant experience may be substituted in lieu of degree. An advanced degree is strongly preferred.
  • 3 years of experience in Information Security Risk Management or in Information Technology/Information Security Audit required.
  • 5 years of experience in a large (over 2000 end users) Healthcare IT Enterprise preferred.
  • 7 years of experience in a combination of IT Governance, Risk Management, Compliance, and Information Security roles preferred.
  • Professional certifications such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified Risk & Information Security Controls (CRISC) required or willing to obtain within the first year of employment.
  • Expert working knowledge from within an information security function using ISO 27000, NIST CSF, NIST RMF or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
  • Experience supporting SSAE 16 or SOC 2
  • Detailed understanding and extensive experience with information security regulations including, at a minimum, National Institute of Standards and Technology (NIST), Health Insurance Portability Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA), and various other laws and regulations including Executive Orders.
  • Significant experience performing Information Security Risk Management, Third-Party Risk Management, and audits and assessments in large, complex organizations.
  • Significant experience in end-to-end IT and Security Risk Management.
  • Significant experience with technical risk remediation identification and planning.
  • Significant experience with corrective action and remediation engagement and planning.
  • Models high standards of integrity, performance, confidentiality, and demonstrates sound judgement.
  • Incorporates Presbyterian Health Services values into the ITGRC compliance and audit program

Credentials:

Essential:

  • Certified Information Systems Security Professional
  • Certified in Risk and Information Systems Control
  • Certified Information Systems Auditor

Responsibilities

  • Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
  • Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
  • Support the implementation of PHS and PHP information governance, risk, and compliance processes.
  • Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
  • Coordinate, catalogue, and communicate internal and external risks and findings to the Director ITGRC.
  • Develop and maintain risk exception and acceptance processes, corrective action plans, and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated and progress is documented for each open item.


Benefits

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance, and other optional voluntary benefits.


Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in your personal well-being by participating in wellness activities like wellness challenges, webinar, preventive screening, and more.


Why work at Presbyterian
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.


About Presbyterian Healthcare Services
Presbyterian exists to ensure the patients, members, and communities we serve can achieve their best health. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan, and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14000 employees.


Our health plan serves more than 580000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care), and Commercial health plans.


AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke-free campuses.

Maximum Offer for this position is up to USD $71.81/Hr.

Compensation Disclaimer

The compensation range for this role takes into account a wide range of factors, including but not limited to experience and training, internal equity, and other business and organizational needs.

Required Experience:

IC

Employment Type

Full-Time
