GRC Compliance & Audit Specialist

Presbyterian is seeking a GRC Compliance & Audit Specialist. The ITGRC Compliance and Audit Specialist of Information Technology Governance Risk and Compliance (ITGRC) will be a subject matter expert experienced in regulatory requirements security framework standards and industry best practices. The ITGRC Compliance and Audit Professional is responsible for the oversight and coordination of all IT audit activities both internal external. The role works closely with Compliance Internal Audit other departments in the coordination of planning responding and tracking assessment audit activities related to both Information Security Information Technology.

In addition this role will support the operationalization of the GRC management functions to ensure compliance with established security controls industry frameworks regulatory legal requirements organizational policies standards. The Compliance and Audit Specialist will collaborate with the CISO on the risk management program including risk assessments risk analysis internal external audits vendor security risk program risk register management. Other key activities included in the ITGRC Compliance and Audit Professional will include reviewing existing security policies assessing that procedures are implemented in accordance with security policies standards and that security metrics are being measured. The position does not have any direct reports.

• This is a Full Time position - Exempt: Yes
• Job is based at Rev Hugh Cooper Admin Center
• Work hours: Days

Preferred Qualifications:

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)

• A Bachelors degree in Information Security Computer Science Information Management Systems or related field required; An advanced degree is strongly preferred.
• 5 years of experience in a combination of governance risk management information security and technology jobs.
• 3 years of experience in a risk management and/or IT audit support role.
• Five plus years of experience in a large over 2000 end users Healthcare IT Enterprise preferred.
• Experience working within an information security function using ISO 27000 NIST CSF or NIST 800-53 HIPAA or HITRUST Common Security Framework.
• Experience supporting SSAE 16 or SOC 2
• Experience using ARCHER
  
  Professional Information Security related certification such as Certified Information Security Auditor CISA Certified Information Security Manager CISM or Certified Risk & Information Security Controls CRISC preferred or willing to obtain within the first year of employment.

• Responsible for identifying tracking and communicating federal state local and other pertinent regulatory requirements and regulatory changes impacting both the delivery system and the plan. adapting industry trends for enterprise strategic financial and IT solutions to senior executive leaders.
• Supports the implementation PHS information governance risk and compliance processes.
• Manage the assessment and audit roadmap to support the internal and external assessments and audits required for both the delivery system and the plan.
• Provides oversight for IT policies procedures and standards. Participates in the development and maintenance of policies procedures measures and mechanisms to deliver GRC and meet customer requirements.
• Communicates internal and external assessment and audit findings to the CISO and IT Leadership and supports and monitors ITGRC roadmap objectives in the development of effective course of action; and implementation of recommendations.
• Maintains relationships with Legal Privacy Internal Audit Quality Regulatory and Finance.
  
  
  

About Presbyterian Healthcare Services
Presbyterian offers a comprehensive benefits package to eligible employees including medical dental vision disability coverage life insurance and optional voluntary benefits.

The Employee Wellness Rewards Program encourages staff to engage in health-enhancing activities - like challenges webinars and screenings - with opportunities to earn gift to earn gift cards and other incentives.

As a mission-driven organization Presbyterian is deeply committed to improving community health across New Mexico through initiatives like growers markets and local partnerships. Founded in 1908 Presbyterian is a locally owned not-for-profit healthcare system with nine hospitals a statewide health plan and a growing multi-specialty medical group. With nearly 14000 employees it is the largest private employer in the state serving over 580000 health plan members through Medicare Advantage Medicaid and Commercial plans.

AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.