Senior Security GRC Analyst

How is this team contributing to the vision of Providence

We, at Enterprise Services, the healthcare consulting and services arm of Providence India, help build technology solutions that modernize and simplify each step of the healthcare delivery process. And we do that by putting the patient and the provider at the center of everything we do. Using the most promising and practical ideas, combined with the experience and expertise from people from the healthcare industry, we are creating experiences that work for care facilities, their patients and move us ahead on our mission of Health for a better world .

What will you be responsible for

• Be part of Security Governance, Risk and Compliance (GRC) team. Participate and advance the Security GRC capability operating out of India.
• Manage risks related to the use of Information Technology, Cybersecurity, Data Privacy, regulatory compliance and governance.
• Conduct Control and Risk Assessment to identify risks, and key mitigating controls. Assessment types include, but are not limited to, Internal Control / Security / Risk Assessment, Third Party Security / Risk Assessment, Third Party Application Security Assessment, Medical Device Security Assessment, etc.
• Guide business owners and end-users on the implementation of solutions that comply with Cybersecurity policies and standards.
• Collaborate with stakeholders (e. g. Senior Leadership, Strategic Business Units, IT, Legal) to ensure a consistent process for identifying, assessing, responding and reporting on security risks and compliance gaps.
• Report overall GRC performance against established organizational metrics.
• Maintain updated knowledge in the field of Cybersecurity and Data Privacy and monitor the legal and regulatory environment for developments.

What would your day look like

• Assess design effectiveness and continually monitor operating effectiveness of controls. Follow up, track, analyze and report on Risk Assessment results. Track and monitor risks regularly, evaluating requested security exception and risk level, and risk treatment plans.
• Lead governance and facilitate remediation recommendations of related issues, gaps, deficiencies, or risks.
• Advise stakeholders with identifying compensating control alternatives where organizational requirements cannot be met.

Who are we looking for

• 4-year University (Bachelor s) degree in Computer Science, Information Technology, or STEM fields, or equivalent experience.
• 4+ years of Information Systems experience, 2+ years of Information Security / GRC experience.
• Enthusiastic, results oriented, having a strategic perspective on Cybersecurity.
• Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
• Ability to define and communicate risk in business-relevant language.
• Working experience in developing, testing, evaluating, and reporting Cybersecurity policies and controls.
• Knowledge of System, Cloud, Network and IAM security configurations and application of risk analysis.
• Proficient in writing/creation of formal documentation such as policies, processes, procedures, reports and presentations.
• Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
• Working experience of a GRC tool, such as Archer or MetricStream.
• Working knowledge of Cybersecurity and Data Privacy best practices and standards (ISO/IEC 27001/27002, 27005, 27701, NIST CSF, NIST SP 800-53, 800-39, SOX 404).
• Familiarity with Healthcare Cybersecurity and Data Privacy requirements (HIPAA, HITECH).
• Preferred Security+, SSCP, GSEC or equivalent certification.