IT GRC Analyst

1 month ago


Louisville, United States Trilogy Health Services, LLC Full time

Job Summary

The Security, Risk & Compliance (SR&C) Analyst is responsible for assisting the IT Security team in identifying, assessing, and mitigating security risks, ensuring compliance with relevant regulations and industry standards, and implementing effective security controls across the organization. This role requires a strong understanding of information security principles, risk management frameworks, and compliance requirements.


Roles and Responsibilities

• Conduct and document risk assessments, including third-party risk assessments, for IT systems and applications.

• Conduct and maintain Business Impact Analysis to identify key business processes and associated systems, risks, and dependencies.

• Assist in maintaining Business Continuity and Disaster Recovery planning.

• Develop and implement risk mitigation plans to address identified vulnerabilities and threats.

• Assist in creation and maintenance of role-based access control model for systems and applications.

• Participate in Sarbanes-Oxley (SOX), IT General Control (ITGC) testing and fulfill requests as needed.

• Assist in maintaining cybersecurity policies and procedures.

• Assist in creation and maintenance of security awareness training for employees.

• Assist with the implementation and maintenance of security controls such as firewalls, intrusion detection systems, and data encryption.

• Identify opportunities and efficiencies in work processes and procedures.

• Prepare and present reports on security risks and compliance activities to management.

• Work with other departments to ensure compliance with relevant regulations and industry standards including but not limited to SEC (Cyber Security), SOX, HIPAA, and PCI DSS.

• Stay up-to-date on the latest security threats and vulnerabilities.

• Perform other duties as assigned.


Licenses and Certifications

CISA Preferred


Physical Requirements

Sitting, standing, bending, reaching, stretching, stooping, walking, and moving intermittently during working hours. Must be able to lift at least 50 lbs. Must be able to maintain verbal and written communication with co-workers, supervisors, residents, family members, visitors, vendors, and all business associates outside of the health campus.

