This position is responsible for the planning, design, enforcement and audit of information technology and information security policies, standards and procedures which safeguard the integrity of and access to enterprise systems, files and data elements; analyzing, tracking and acting on information technoloyg or information security policy exceptions, audits and assessments;
Maintaining knowledge of changing technologies, and provides recommendations for adaptation of new technologies, processes or policies; recognizing and identifying potential areas where existing informatio technology or information security policies, standards and procedures require change, or where new ones need to be developed, especially as a result of future business expansion and technology advances;
Pproviding management with analysis via risk assessments and briefings / reports to advise them of critical information technology / information security issues that may affect the companys business objective and / or compliance; collaborating with and feeds IT risk information into the Enterprise Risk Management program.
Works closely with Legal, Privacy and Marketing/Sales to review and respond to customer contracts to ensure that HCSC inoformation security can meet the operational requirements.
Evaluates and recommends information technology and information security products, services and/or processes to reduce risk and maintain compliance with applicable policies, mandates, laws and regulations; implementing the activities associated with the information technology and information security awareness programs and provides education and training on information technology and informatino securitysecurity policies, standards and practices; performing control assessments and working with appropriate Subject Matter Experts (SMEs) to document remediation plans; serving as a project lead and mentor to junior GRC team members.
Required Job Qualifications:
*Bachelor Degree and 4 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration.
*Understand IT / IS concepts and how to artciulate those in terms of risk.Interprets internal or external business issues and concepts and and can translate those into IT concepts that must be addressed via policy.
*Understand key IT / IS laws and regulations, such as the Health Insurance Portability and Accountability Act, as well as governance and compliance frameworks (e.g. NIST, COBIT, ITIL, HITRUST).
*Experience with audit and compliance controls. This could include previous IT auditing experience and / or technical controls implementation, as well as the ability to respond apprpriately to audit and assessment findings.
*Initiate and invoke creativity to solve complex problems; takes an outside in
*perspective to identify innovative solutions
*Collaborate well with individuals across the business and IT, as well as at all levels of the organization.Verbal and written communication skills, including the ability to articulate complex concepts to various technical and non-technical audiences.
*Experience with and understanding of overall GRC concepts.
*Work independently, with guidance in only the most complex situations.
*May lead functional teams or projects.
Preferred Job Qualifications:
*Bachelor Degree in Computer Science, Information Systems, or other related field.
* Experience reviewing contracts for operational feasibility.
*Experience with a GRC solution.
Job ID: DG-1024822