SUMMARY OF OVERALL PURPOSE
POSITION OVERVIEW: Our IT team is growing and currently looking for a SR GOVERNANCE, RISK & COMPLIANCE ANALYST. In this role, you’ll be responsible for the daily execution, facilitation, and coordination of activities for Health Benefits’ Information Security Program. You’ll conduct risk management by evaluating current conditions, systems, and practices within IT and across the enterprise to inform the IS Dashboard and, as appropriate, develop and maintain effective practices to identify, document, isolate, deter, and defend against threats and orchestrate remediation efforts.
The role of the Sr GRC Analyst is to work with key business units to drive the design, implementation, operation, and remediation activities of industry-accepted control frameworks (NIST CSF, HITRUST, COBIT, etc.) in support of established policies, standards, and regulatory requirements. In this role, you will provide controls subject matter expertise, guidance, and internal consultancy to business partners, including IT. You’ll work closely with IS leadership to help ensure the organization is applying the appropriate security controls as determined by the IS strategy.
RESPONSIBILITIES:
KEY ACCOUNTABILITIES (Percentage of Time)
20%: Owns overall responsibility for Trustmark's InfoSec Compliance Integrated Framework
20%: Expertly reviews, analyzes, and makes recommendations for information security risk
20%: Coordinates with external and internal auditors and system-wide stakeholders
20%: Partnership support to IT and other staff to develop secure processes and technology
20%: Leads and completes risk analysis for both onsite, written or verbal assessments
TOTAL = 100%
SUPERVISORY RESPONSIBILITIES
0
0
This is an individual contributor role.
EDUCATION AND EXPERIENCE
MINIMUM REQUIREMENTS
PREFERRED
Strong intellectual curiosity
Bachelor’s Degree and 6+ years of related experience OR High School Diploma/GED with 8+ years of related experience.
Knowledge of HIPAA Security Rule, NYSDFS, and other federal and state security laws.
Strong, effective communication skills, both verbal and written
Ability to interact with and present to senior leaders both in IT and across the organization
Prior experience with program/project planning, development, and management methodologies
Certifications such as CISSP, CRISC, CISA, SANS, CTPRP/CTPRA, etc.
OSI Industries is an Equal Employment Opportunity employer that believes everyone has the right to be treated with dignity and respect. OSI does not discriminate on the basis of national origin, gender, race, color, religion, pregnancy, gender identity, sexual orientation, protected veteran status, disability, or any other characteristic protected by applicable law. All applicants will receive consideration for employment based on merit, qualifications and business needs. OSI participates in the E-Verify program.