GreenvilleSCRecruiter Since 2001
the smart solution for Greenville jobs

InfoSec Analyst Analyst GRC Coordinator

Company: Palmetto Health
Location: Greenville
Posted on: May 3, 2021

Job Description:

Inspire health. Serve with compassion. Be the difference.

Job Summary

The Information Security Governance, Risk, and Compliance Coordinator is the subject matter expert for the Information Security Governance, Risk and Compliance program at Prisma Health. This position is responsible for developing, implementing and administering Information Security plans, policies and procedures, standards, and services and ensuring the ongoing compliance and security of Prisma Health information resources in the context of the NIST Cybersecurity Framework (CSF). This includes all aspects of Information Security risk assessment and management, policies and procedures, governance and compliance, vulnerability scanning, and security training and awareness.

Leads risk and compliance assessments and/or audits (HIPAA, PCI-DSS, NIST CSF, etc.) of organizational systems, to include SaaS, PaaS, IaaS services. Processes and interprets assessment results, and develops recommendations to treat risk to the organization. Leads in the presentation of risk assessment results and risk treatment plans to Prisma Health leadership, and oversees compliance with remediation and risk treatment plans.

Responsible for development of Information Security related policies, procedures, and standards. Oversees and manages Third Party Risk Assessments and recommends controls and monitors the effectiveness of the controls after implementation.

Leads enterprise-wide, risk-based security and continuity capabilities to meet changing internal and external threat landscapes. This includes responsibility for identifying and protecting sensitive information, detecting and responding to cyber threats, and maintaining compliance with regulatory requirements and industry standards.

Leads in the development of security training and awareness delivery. Performs a security advocacy role and acts as a liaison with business units for issues related to information security and ongoing compliance with governance and organizational policy.

Accountabilities

  • Leads security awareness training for organization employees. Administers and manages the Security Awareness Training Program (research and update content, rollout, employee training participation verification, reporting on hosted LMS). Provides on-demand targeted security training supporting key initiatives. - 5%
  • Leads vulnerability management program to ensure vulnerabilities across the enterprise are identified, documented and remediated. Vulnerabilities to include common infrastructure systems and services, third party platforms, vendor managed medical systems, hosted web-services and software development code vulnerabilities. Reviews and verifies security patch processes to ensure software updates are applied within policy guidelines. - 5%
  • Responsible for Governance Risk and Compliance platform. Ensures information security risk is accurately tracked across the enterprise. Documents, reviews and maintains risk, controls, and control activities, and conducts control mapping across multiple frameworks and regulatory requirements. - 15%
  • Manages third party risk and compliance assessment engagements. Performs internal system/platform risk assessments and audits. Responsible for completion of security compliance assessment questionnaires. - 10%
  • Leads Information Security Program implementation of the NIST Cybersecurity Framework including defining, documenting, implementing and enforcing policies, standards and practices to protect the Prisma Health sensitive information and resources. - 15%
  • Responsible for the implementation and management of the incident response plan and reporting requirements by the GRC team to address security incidents and events, and takes action on policy violations or complaints. Participates with the incident response team to contain and investigate incidents, then prepares a plan to prevent similar future incidents. - 15%
  • Develops and presents information security reports and metrics for staff, management and executive presentations. - 10%
  • Leads in the development of security standards, policies and procedures and best practices for the organization. - 15%
  • Stays current on all regulations, laws, security frameworks and certifications. Researches the latest information technology (IT) security trends and threats. - 5%
  • Assists technical staff to support security efforts as directed by management. - 5%

Supervisory/Management Responsibilities

This is a non-management job that will report to a supervisor, manager, director or executive.

Minimum Requirements

  • Bachelor's Degree - Computer Science, Information Security or business with technical experience
  • 8 years - A minimum of 8 years combined information security, healthcare, and technical experience

In Lieu Of

In lieu of the education and experience requirements noted above, a combination of experience, education and certifications.

Required Certifications, Registrations, Licenses

  • ISACA Certified Information Systems Auditor (CISA) OR Certified in Risk and Information Systems Control (CRISC)
  • ISC2 Healthcare Certified Information Security & Privacy Practitioner (HCISSP, Preferred), Certified Information Security & Privacy Practitioner (CISSP), OR CompTIA Advanced Security Practitioner (CASP+)

Knowledge, Skills or Abilities

  • Understanding of information security healthcare industry regulatory requirements (HIPAA, PCI-DSS).
  • Knowledge of NIST Cybersecurity Framework, SOC 2, HITRUST and/or ISO 27001 Certifications - Preferred.
  • Ability to lead high-level presentations on security of information systems with organizational leadership.
  • Previous experience in healthcare industry information security.

Work Shift

Day (United States of America)

Location

Greenville Memorial Med Campus

Facility

7001 Corporate

Department

70019411 Information Security

Share your talent with us! Our vision is simple: to transform healthcare for the benefits of the communities we serve. The transformation of healthcare requires talented individuals in every role here at Prisma Health.
