Position: Senior Information Technology - Governance, Risk and Compliance (GRC) Specialist
The Senior IT Governance, Risk and Compliance (GRC) Specialist is responsible for day-to-day activities across the entire scope of the Logisiticare | Circulation Security Governance, Risk and Compliance programs.
The job encompasses leading and participating in the assessment of security, risks, and control effectiveness for applications, infrastructure, and technology projects. The Specialist will identify, classify, and document control issues in the Logisiticare | Circulation computing environment by documenting assessment results, recommending corrective action, tracking remediation, evaluating policy and control standard exceptions, and regularly reporting to IT management.
The Specialist assists internal and external auditors in executing audits of Logisiticare | Circulation’s computing environments, and will also maintain the Information Security portion of Logisiticare | Circulation’s Vendor Management program.
Location: Atlanta or Alpharetta, Georgia
Location: Atlanta, Georgia or Alpharetta, GA
Duties & Responsibilities
- Internal Compliance - Leads IT control assessments to ensure effective IT controls are in place to meet operational and compliance requirements.
- Vendor Risk Management - Provides Logisiticare | Circulation Vendor Management a completed risk profile for the vendor on-boarding process and conducts annual review of critical vendors.
- Performs ongoing logical access reviews and recommends updates to access control privileges to ensure proper Segregation of Duties based on user access reviews.
- Responds to customer questionnaires in support of contractual obligations.
- Effectively reports and communicates testing results to IT management for corrective action, where required.
- Performs evidence collection and project management assistance of the annual certification programs.
- Tracks and monitors risk exceptions to ensure control deviations are identified and mitigating controls are in place.
- Assists with drafting and maintaining IT policies; facilitates annual policy review and approval by the Chief Information Security Officer.
- Contributes to the team knowledge base by participating in appropriate training and providing industry and best practice knowledge.
- Works with the IT, Internal Audit, Compliance and other key stakeholders to create an IT GRC strategy that complies with professional standards and addresses the IT risks inherent in Logisiticare | Circulation’s operations and industry.
- Demonstrates excellent project management skills, inspires teamwork and responsibility with engagement team members, and uses current technology/tools to enhance the effectiveness of deliverables and services.
Required Skills & Qualifications:
- Bachelor's degree in Information Technology. An equivalent combination of education and work experience may be taken into consideration in lieu of a degree
- 4 - 6 years of relevant Information Technology (IT) experience, with a minimum of 3 years' experience focusing on IT Risk, Governance and Compliance
- Demonstrated knowledge of recognized IT audit-related standards and regulations.
- Exceptional verbal and written communication skills
- Experience with high-priority, high-activity, multi-tasking environments
- SOX audit experience is a plus: lead auditor or primary audit respondent, or current/former PCI QSA.
- SOC 1 Type 2 and SOC 2 Type 2 audit experience is a plus.
- Experience with Security compliance programs, standards and regulations including NIST 800-53, NIST Cyber Security Framework, GLBA
- HITRUST experience is a big plus
- CISA, CISSP, CRISC certification is desired
- Experience with GRC methodologies, tools and enablers in the healthcare services sector
- Strong project management skills
Why Work Here?
Fast-growing healthcare firm, lots of room for growth.