IT/IS GRC Consultant

At HCSC, we consider our employees the cornerstone of our business and the foundation to our success. We enable employees to craft their career with curated development plans that set their learning path to a rewarding and fulfilling career. Come join us and be part of a purpose driven company who is invested in your future! Minimum Salary Range Job Summary This Position Is Responsible For The Planning, Design, Enforcement And Audit Of Information Technology And Information Security Policies, Standards And Procedures Which Safeguard The Integrity Of And Access To Enterprise Systems, Files And Data Elements; Analyzing, Tracking And Acting On Information Technology Or Information Security Policy Exceptions, Audits And Assessments. Maintaining Knowledge Of Changing Technologies, And Provides Recommendations For Adaptation Of New Technologies, Processes Or Policies. Recognizing And Identifying Potential Areas Where Existing Information Technology Or Information Security Policies, Standards And Procedures Require Change, Or Where New Ones Need To Be Developed, Especially As A Result Of Future Business Expansion And Technology Advances; Providing Management With Analysis Via Risk Assessments And Briefings / Reports To Advise Them Of Critical Information Technology / Information Security Issues That May Affect The Company*S Business Objective And / Or Compliance; Collaborating With And Feeds It Risk Information Into The Enterprise Risk Management Program. Evaluates And Recommends Information Technology And Information Security Products, Services And/Or Processes To Reduce Risk And Maintain Compliance With Applicable Policies, Mandates, Laws And Regulations. Implementing The Activities Associated With The Information Technology And Information Security Awareness Programs And Provides Education And Training On Information Technology And Information Security Security Policies, Standards And Practices; Performing Control Assessments And Working With Appropriate Subject Matter Experts (Smes) To Document Remediation Plans; Serving As A Project Lead And Mentor To Junior Grc Team Members. May Lead Functional Teams Or Projects. Responsibilities * Plan, design, enforcement and audit of information technology and information security policies, standards and procedures which safeguard the confidentiality, integrity, availability and operations of enterprise technology assets and information. * Analyze, track and act on information technology or information security policy exceptions, audits and assessments. * Maintain knowledge of changing technologies, and provides recommendations for adaptation of new technologies, processes or policies. * Recognize and identify potential areas where existing information technology and information security policies, standards and procedures require change, or where new ones need to be developed, especially as a result of future business expansion and technology advances. * Provide management with analysis via with risk assessments and briefings / reports to advise them of critical information technology / information security issues that may affect the company’s business objectives and / or compliance. * Collaborate with and fees IT risk information into the Enterprise Risk Management program. * Evaluate and recommend information technology and information security products, services and/or processes to reduce risk and maintain compliance with applicable policies, mandates, laws and regulations. * Implement the activities associated with the information technology and information security awareness programs and provides education and training on information technology and information security policies, standards and practices. * Perform controls assessments and works with appropriate Subject Matter Experts to develop remediation plans * Serve as a project lead and mentor to junior team members. Required Job Qualifications: * Bachelor Degree and 4 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration or 8 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration. * Understand IT / IS concepts and how to artciulate those in terms of risk.Interprets internal or external business issues and concepts and and can translate those into IT concepts that must be addressed via policy. * Understand key IT / IS laws and regulations, such as the Health Insurance Portability and Accountability Act, as well as governance and compliance frameworks (e.g. NIST, COBIT, ITIL, HITRUST). * Experience with audit and compliance controls. This could include previous IT auditing experience and / or technical controls implementation, as well as the ability to respond apprpriately to audit and assessment findings. * Initiate and invoke creativity to solve complex problems; takes an “outside –in”perspective to identify innovative solutions * Collaborate well with individuals across the business and IT, as well as at all levels of the organization. Verbal and written communication skills, including the ability to articulate complex concepts to various technical and non-technical audiences. * Experience with and understanding of overall GRC concepts. * Work independently, with guidance in only the most complex situations. * May lead functional teams or projects. Preferred Job Qualifications: * Bachelor Degree in Computer Science, Information Systems, or other related field. * Experience with a GRC solution. Are you being referred to one of our roles? If so, ask your connection at Workday about our Employee Referral process! HCSC Employment Statement: HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Drug screening and background investigation are required, as allowed by law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.