Lead Governance, Risk & Compliance Security Analyst in Kansas City, KS


Enterprise Technology

8 - 10 years

Posted 8 weeks ago

Job Description

Being a member of the Enterprise Security Governance, Risk and Compliance team provides an exciting opportunity to be part of an innovative and dedicated team of security and audit professionals.

The Lead Governance, Risk and Compliance Security Analyst will be on the front lines of our Cerner Next strategy as we build and drive our Cloud Security Compliance initiatives while integrating into the overall enterprise compliance program. They will help develop a security framework and controls strategy to meet Cerner's regulatory and client compliance requirements. Additionally, they will lead in efforts to mature our security compliance program to a state of competitive advantage.

As a Lead Governance, Risk and Compliance Security Analyst, you will lead a compliance program that will oversee the implementation of multiple compliance requirements across the organization, while working to minimize impact on lines of business. You will assist in the development of a Cerner Security Controls Framework based on industry standards (e.g. NIST 800-53, HITRUST, PCI, ISO). You will develop a strategy to maintain evidence and documentation to demonstrate Cerner's compliance. You will develop relationships across organizations to execute and complete projects according to plan. You will influence organizational change to comply with requirements. You will facilitate and manage risk-based control remediation activities. Lastly, you will become a trusted advisor / subject matter expert and effectively communicate with external auditors.


Basic Qualifications

  • Bachelor's Degree in Information Systems, Computer Science, Engineering, CIS, MIS, Accounting or related field or equivalent work experience
  • At least 7 years of work experience in information technology security programs, audits, assessments, risk, or remediation management
  • At least 4 years of work experience with privacy law, data protection/security regulations, and frameworks such as BITS, HITRUST CSF, COBIT, NIST and ISO27002

Preferred Qualifications

  • At least 5 years of experience scoping and leading large-scale information security compliance programs in an enterprise setting
  • At least 2 years of experience using the Cloud Shared Responsibility model and integration of the model into a security compliance program
  • Prior experience implementing multiple frameworks & controls across an organization while minimizing impact on lines of business
  • Prior experience leading the adoption of GRC technology for a compliance program
  • Relevant security certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISMP (Certificate in Information Security Management Principles) are a plus


  • Willing to work additional or irregular hours as needed and allowed by local regulations
  • Work in accordance with corporate and organizational security policies and procedures, understand personal role in safeguarding corporate and client assets, and take appropriate action to prevent and report any compromises of security within scope of position
  • Perform other responsibilities as assigned