GRC Analyst IV

At HCSC, we consider our employees the cornerstone of our business and the foundation to our success. We enable employees to craft their career with curated development plans that set their learning path to a rewarding and fulfilling career. Come join us and be part of a purpose driven company who is invested in your future! Job Summary Welcome to a team of caring and passionate people who work each day to meet the needs of our members and clients. At Health Benefits (a subsidiary of Health Care Service Corporation), you will be part of an organization committed to offering custom services to self-funded health benefits plans that manage costs – without compromising benefits – by offering innovative solutions, flexibility, transparency, and customer support. Our IT team is growing and currently looking for a Sr Governance, Risk & Compliance Analyst. In this role, you’ll be responsible for the daily execution, facilitation, and coordination of activities for Health Benefits’ Information Security Program. You’ll conduct risk management by evaluating current conditions, systems and practices within IT and across the enterprise to inform the IS Dashboard and as appropriate develop and maintain effective practices to identify, document, isolate, deter, defend against threats and orchestrate remediation efforts. The role of the Sr GRC Analyst is to work with key business units to drive the design, implementation, operation, and remediation activities of industry accepted control frameworks (NIST CSF, HITRUST, COBIT, etc) in support of established policies, standards, and regulatory requirements. In this role, you will provide controls subject matter expertise, guidance, and internal consultancy to business partners, including IT. You’ll work closely with IS leadership to help ensure the organization is applying the appropriate security controls as determined by the IS strategy. Responsibilities Responsibilities: Owns overall responsibility for Trustmark's InfoSec Compliance Integrated Framework and ensuring that policies and processes are aligned to the framework and meeting regulatory and contractual requirements. Expertly reviews, analyzes, and makes recommendations for information security risk; driving improvements to business and IT operational processes. Includes research into current information security and privacy best practices in the context of business and IT processes, working with organization-wide groups to implement critical risk reductions. Coordinates with external and internal auditors and system-wide stakeholders, providing points of contact as well as facilitating the creation and delivery of data call items and other forms of evidence for efforts that carry substantial consequences of success or failure. Ensures critical applications and supporting infrastructure adhere to security policies and standards by executing compliance checks and periodic reviews. Includes maintaining compliance documentation, internal reporting, creation of technical compliance controls, and gap assessment. Provides internal consultative and partnership support to IT and other staff to develop secure processes and technology in compliance with HIPAA, Centers for Medicare & Medicaid Services (CMS) Information Security Acceptable Risk Safeguards (ARS), NIST Cybersecurity Framework, and any other related programs. Leads and completes risk analysis for both onsite, written or verbal assessments, with the assistance of the business, ensuring consistent execution. Owns, liaises, coordinates and engages with external and internal stakeholders on all IT audit and security assessment activities, and ensures facilitation with all stakeholders on the preparation and presentation of appropriate examination materials. Creates and drives the format for the consultation to IT and technology service owners with gold standard technical baselining, including but not limited to NIST CSF security framework. Provides thought leadership on topics and key issues for information security awareness. Collaborates across IT departments to identify, administer, analyze, and solve critical security problems, as well as operationalize lessons learned into existing or new technological controls, solutions, processes, procedures, knowledge articles. Provides in-depth subject matter expertise regarding regulatory efforts, technology compliance requirements and alignment of work being done by other Trustmark projects and teams with InfoSec policies and controls. Is the primary security resource that plays a key collaborative, influencing and consultative role in system, network and data protection and secure system engineering lifecycle. Applies knowledge and skills in their own discipline to complete a wide range of tasks. Identifies key issues from conflicting or partial information. Serves as point of contact to solve complex problems by means of systematic and disciplined troubleshooting. Guides security administrators, analysts and IT staff in the resolution of complex security incidents. Helps lead security investigations as incident response coordinator. Provides thought leadership on information security operations and best practices Strong intellectual curiosity Bachelor’s Degree and 6 years of related experience OR High School Diploma/GED with 8 years of related experience. Knowledge of HIPAA, NYDFS Cybersecurity Rule, and other federal and state security laws. Strong, effective communication skills, both verbal and written Ability to interact with and present to senior leaders both in IT and across the organization Prior experience with program/project planning, development, and management methodologies Certifications such as CISSP, CRISC, CISA, SANS, CTPRP/CTPRA, etc. preferred Are you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process! HCSC Employment Statement: HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Drug screening and background investigation are required, as allowed by law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status. Join our talent community and receive the latest HCSC news, content, and be first in line for new job opportunities. Join our Talent Community. For more than 80 years, HCSC has been dedicated to expanding access to high-quality, cost-effective health care and equipping our members with information and tools to make the best health care decisions for themselves and their families. As an industry leader, HCSC also has been helping to make the health care system work better for all Americans. To remain a leader, we offer compelling careers that encourage resourcefulness, strategic thought and empower you to make a difference in the lives of our members and their communities. Today, with the industry at an important crossroad, HCSC is reimagining health care and looking for original thinkers who aren’t afraid to make innovative contributions. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Learn more about HCSC, our commitment to our members and the opportunity you’ll have to improve health care delivery in an open, collaborative environment. HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. If you are an individual with a disability or a disabled veteran and need an accommodation or assistance in either using the Careers website or completing the application process, you can call us at 1-866-977-7378 to request reasonable accommodations. Please note that only requests for accommodations in the application process will be returned. All applications, including resumes, must be submitted through HCSC's Career website on-line application process. If you have general questions regarding the status of an existing application, navigate to "candidate home" to view your job submissions. Legal and Privacy Health Care Service Corporation is an Equal Opportunity Employment / Affirmative Action employer Blue Cross and Blue Shield of Illinois, Blue Cross and Blue Shield of Montana, Blue Cross and Blue Shield of New Mexico, Blue Cross and Blue Shield of Oklahoma, and Blue Cross and Blue Shield of Texas, Divisions of Health Care Service Corporation, a Mutual Legal Reserve Company, and Independent Licensee of the Blue Cross and Blue Shield Association © Copyright 2022 Health Care Service Corporation. All Rights Reserved.