Information Security Governance-Risk-Compliance Analyst

US-NM-Albuquerque

Careers (External)

Req #: 48506
Type: Full Time

Presbyterian Healthcare Services

				Overview:

Presbyterian is seeking a Information Security Governance-Risk-Compliance Analyst!

The Information Security Governance-Risk-Compliance Analyst is responsible for the oversight and coordination of various cybersecurity risk management activities focused on identifying, assessing, managing, and mitigating risks. Subject matter expert experienced in regulatory requirements, security framework standards, security operations and controls, and industry best practices.
The role works closely with Compliance, Internal Audit, and other Departmental Leaders in the coordination of planning, prioritization, tracking, and remediation of cyber risks, assessment and audit findings, supply chain risk, and operational risk. Works closely with technology and security leaders and subject matter experts to coordinate, review, and catalogue responses. coordinates with Compliance and Internal Audit to further the planning, response, and cataloguing of assessment and audit activities related to both Information Security and Information Technology. 
Supports the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards. Collaborates with the GRC Director and CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management. Other key activities will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured. 

We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that emplowers employees. And we provide the opportunity to gorw from entry-level to the most senior positions.

Why Join Us

* Full Time - Exempt: Yes
* Job is based at Rev Hugh Cooper Admin Center
* Work hours: Weekday Schedule Monday-Friday
* Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement and more for FT employees.

Responsibilities:

* Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
* Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
* Support the implementation of PHS and PHP information governance, risk, and compliance processes.
* Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
* Coordinate, catalogue, and communicate internal and external risks and findings to the Director, ITGRC.
* Develop and maintain risk exception and acceptance processes, corrective action plans and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated, and progress is documented for each open item.

Qualifications:

* Bachelors degree in Information Security, Computer Science, Information Management Systems, or related field desired; or 6 years of relevant experience may be substituted in lieu of degree. An advanced degree is strongly preferred.
* 3 years of experience in Information Security Risk Management or in Information Technology/Information Security Audit required.
* 5 years of experience in a large (over 2,000 end users) Healthcare IT Enterprise preferred.
* 7 years of experience in a combination of IT Governance, Risk Management, Compliance, and Information security roles preferred.
* Professional certifications such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or Certified Risk & Information Security Controls (CRISC) required or willing to obtain within the first year of employment.
* Expert working knowledge from within an information security function using ISO 27000, NIST CSF, NIST RMF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
* Experience supporting SSAE 16 or SOC 2
* Detailed understanding and extensive experience with information security regulations, including at a minimum National Institute of Standards and Technology (NIST), Health Insurance Portability Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including Executive Orders.
* Significant experience performing Information Security Risk Management, Third-Party Risk Management, and audits and assessments in large, complex organizations.
* Significant experience in end-to-end IT and Security Risk Management.
* Significant experience with technical risk remediation identification and planning.
* Significant experience with corrective action and remediation engagement and planning.
* Models high standards of integrity, performance, confidentiality, and demonstrates sound judgement.
* Incorporates Presbyterian Health Services values into the ITGRC compliance and audit program

Credentials:
Essential:
* Certified Information Systems Security Professional
* Certified in Risk and Information Systems Control
* Certified Information Systems Auditor
			
Share this job: