Jobs for People with MS: National MS Society

Job Description

The GRC Analyst will be responsible for implementing, maintaining, and enhancing policies, standards, procedures, and internal controls to ensure compliance with regulatory and legal requirements, as well as information security best practices. The ideal candidate will possess a security engineer mindset, focusing on building out GRC frameworks, automation, and integrating technical controls. The GRC Analyst will proactively collaborate with key business stakeholders to assess and design controls aimed at reducing information security risk. They should be able to understand and articulate the impact of information security controls on the business and effectively communicate this to stakeholders.

Primary Responsibilities:

Risk Assessment: Identify, assess, and prioritize risks that could impact the clients compliance, financial health, or reputation.

Compliance Management: Develop, implement, and maintain compliance programs and policies that align with regulatory requirements and industry best practices.

Auditing: Conduct internal and external audits to assess compliance with regulations and identify areas for improvement.

Reporting: Prepare and analyze compliance reports, metrics, and dashboards to track progress and identify trends.

Training and Awareness: Develop and deliver training programs to educate employees about compliance requirements and information security best practices.

Incident Management: Respond to compliance incidents, conduct investigations, and implement corrective actions.

Technology Implementation: Evaluate and implement GRC software and tools to streamline compliance processes and improve efficiency.

Continuous Improvement: Explore opportunities to enhance GRC processes through automation and continuous monitoring of information security controls, risks, and exceptions, and develop reporting metrics, dashboards, and evidence artifacts.

Vulnerability Management: Assist in the development and ongoing oversight of a vulnerability management program.

Risk Remediation: Manage the remediation of risks identified through the risk register process and contribute to the improvement of risk treatment plans and the overall risk management program.

Security Exceptions: Manage the security exception process, including the completion of security exceptions, tracking, and following up on alternative mitigating action items detailed within approved security exceptions.

Audit Coordination: Coordinate and track security-related audits, including scope of audits, stakeholder engagement, and deliverable timelines; work with teams as appropriate to achieve audit readiness; provide guidance, evaluation, and advocacy on audit responses.

Vendor Risk Management: Maintain the vendor risk management program, including vendor reviews and risk assessments; improve the program with the build-out of repositories, tools, and documentation for third-party vendor risk assurance.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to HR@insightglobal.com .

To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/ .

Skills and Requirements

- 6+ years of experience in information technology and Governance, risk, and compliance management.

- Proficient in implementing, and managing GRC software tools and platforms (e.g., Vanta) to streamline risk assessment, compliance monitoring, and incident management processes.

- Experienced in reviewing risk analyses, drafting corrective action plans, and driving the risk treatment process.

- Adept at conducting security compliance reviews and audits of both on-premises and hosted environments, including AWS and Azure

- Proven track record in implementing and maintaining HITRUST CSF and ISO 27001 compliance frameworks.

o Other comparable frameworks include NIST 800, and HIPAA

- Bachelors degree in a Technical discipline related to Information Technology Professional certifications such as CGRC, CISSP, CISA, CRISC, or similar are highly desirable.

 Healthcare Industry experience

 Experience completely building out a GRC framework

 Cyber Security Engineering background

o Prior to requal looking for more technical candidate, which still open to taking.

o 6+ years of experience designing, implementing, and managing cyber security tools and activities like risk assessments, compliance monitoring, and automation of auditing tasks. null

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion,sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military oruniformed service member status, or any other status or characteristic protected by applicable laws, regulations, andordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to HR@insightglobal.com.