Vacancy expired!
We are seeking an IT GRC Program Analyst who will play a key role in our information security, IT Governance, Risk, and IT Compliance Program. The GRC Analyst will plan and implement security measures to protect information systems, networks, and data. This position will be responsible for assessing information security-related risks and preventing data loss and service interruptions related to threats.
Essential Functions of the Job:- Work with the Information Security Officer to implement an enterprise-wide security plan.
- Establish and maintain system controls by developing a framework for controls and levels of access; recommending improvements to improve security and reduce risk. Create and update the necessary policies associated with HIPAA and PCI DSS requirements.
- Analyze and recommend workflow changes to IT management in order to strengthen controls and enhance information security.
- Provide governance for the identification, audit, validation, and remediation of information technology controls and processes required for HIPAA, PCI, and any other applicable regulatory requirements.
- Plan, design, implement and maintain IT Governance, Risk & Compliance initiatives, and their supporting elements.
- Develops security awareness by providing orientation, educational programs, and on-going communication. Works with stakeholders at all levels of the organization to communicate the state of information security, inform of possible risks, and suggest ways to improve security
- Work with other members of the IT Dept. to implement safeguards and other IT security-related solutions,
- Stay up-to-date on the latest intelligence and methodologies related to information security in order to identify threats and manage risks. Updates job knowledge and awareness of IT Security developments by participating in educational opportunities; reading professional publications.
- 5+ years of experience as an IT Security Analyst or GRC Analyst or IT Compliance Analyst
- 2+ years conducting change management in an IT environment
- 2+ years in a healthcare environment, a strong understanding of HIPPA and HITECH requirements
- 2+ years supporting or conducting audits within a regulated environment
- 2+ years conducting forensics to support various departments
- Experience building and maintaining an enterprise-wide security program
- Strong understanding of IT risk management
- Strong understanding of IT Audit best practices
- Strong understanding of ITIL best practice
- 1 or more of these certifications: CISSP, CISM, CISA, CRISC, CEH
- Experience with auditing and monitoring tools
- Ediscovery Tools
- LMS
- Experience utilizing tools to conduct forensic analysis
- Next-Generation Firewall concepts: Palo Alto, Cisco ASA
- Experience with Intrusion Prevention Systems
- Application Firewall administration
- Internet security applications such as Websense, Zscaler
- Knowledge of Email encryption systems
- Vulnerability management system administration
- Endpoint Admission Control: Cisco ISE, NAP
- Antivirus administration
- Knowledge of VPN technologies
- Experience utilizing tools to validate the extent of known attacks
- Knowledge of Microsoft-centric products and technology: Active Directory, Exchange, SQL
Vacancy expired!