• InfoSec GRC Analyst - Governance Risk and Compliance Security Analyst

    Requisition ID
    2018-3796
    # of Openings
    1
    Category
    Information Systems
    Location
    US-GA-Atlanta
  • Overview

    Must be familiar with Governance Risk and Compliance(GRC) solutions and technology platforms.  General knowledge of security tools, solutions, and appliances in support of security domains such as: network security, e-Mail and end-point security, vulnerability scans, access controls, and log management etc.  Basic technical understanding of cloud services principles such as IAAS, SAAS, and PAAS. Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH.  Must have knowledge of compliance audit processes and IT security risk assessment programs. Capable of articulating general IT security policies, processes, and technical controls.

    Responsibilities

    ESSENTIAL DUTIES AND RESPONSIBILITIES TO PERFORM THIS JOB SUCCESSFULLY INCLUDE, BUT ARE NOT LIMITED TO THE FOLLOWING (Core 25-d):

    • Provide support and contribute to the ExamWorks InfoSec GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, Compliance Management, RFP/SAQ Process Management and others.
    • Collaborate with different departments in the analysis, response, and document packages of RFPs and security questionnaires as required by clients of EW business units.
    • Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements as well as promote good information security practices.
    • Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other IT operational teams.
    • Conduct formal risk analysis and self-assessments program for various ExamWorks brands and the associated information services systems, processes, and infrastructure.
    • Facilitate HITRUST, SOC2 audit engagement, data/artifact collection, exception remediation and monitoring.
    • Key contributor to the design, implementation, and optimization the GRC application or solutions.
    • Facilitate HITRUST, SOC2 audit engagement, data/artifact collection, exception remediation and monitoring.
    • Contributes to maintenance and update of library of information security control standards and procedures based on Information Security policies and procedures and industry best practices.
    • Maintain awareness of changes or updates on security control frameworks, compliance laws and statute and identify the impact to the business and its security posture.
    • Compiles management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments.
    • Facilitate information security awareness programs and facilitate periodic awareness training, phishing campaigns, security newsletters and publications.
    • Conduct or participate in the cross training sessions with the IT Security team in the management and configuration of security tools and technical controls.
    • Troubleshooting and resolving security related GRC and technical issues effectively and efficiently.
    • Prioritizing, evaluating, resolving and escalating calls or tasks as required.
    • Providing appropriately detailed and timely follow-up support with customers (internal and external)
    • Providing updates, status, and completion information to the InfoSec Manager - GRC through voice mail, e-mail, or in-person communication.

     

    #LI-KO1

    Qualifications

    EDUCATION AND/OR EXPERIENCE (Core 25-a)

    College Degree in Computer Science or related field with minimum of 2 years in IT security, risk management, compliance, and audit.  Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH.  Must have knowledge of compliance audit processes and IT security risk assessment programs. Capable of articulating general IT security policies, processes, and technical controls.

     

    CERTIFICATES, LICENSES, REGISTRATIONS (Core 25-c)

    Certified Risk and Information Systems Control(CRISC) or Certified Information Systems Auditor(CISA) or Certified Information Security Manager(CISM)

     

    To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. 

    • Applicant must be willing to travel 10-15% of the time
    • Applicant must be able to travel outside the US
    • Ability to work independently with or without direction and/or supervision.
    • Follow instructions and respond to senior managements’ directions accurately
    • Ability to effectively interface with a broad range of people and roles.
    • Advanced computer troubleshooting, analysis, critical thinking and problem solving skills
    • Ability to manage multiple tasks with frequent interruptions, occasionally in urgent situations
    • Demonstrate accuracy and thoroughness. Looks for ways to improve and promote quality and monitors own work to ensure quality is met
    • Ability to learn multiple programs and systems
    • Demonstrate effective communication skills by conveying necessary information accurately, listening effectively and asking questions where clarification is needed
    • Ability to effectively interface with a broad range of people and roles.
    • Prioritize work activities and use time efficiently
    • Flexibility and adaptability in work approach.
    • Maintain medical confidentiality
    • Demonstrate team behavior and must be willing to promote a team-oriented environment
    • Maintain focus and concentrate in close quarters with normal distractions and without distracting others
    • Adapt to change in work environment with the ability to manage change, delays, or unexpected events
    • Demonstrate reliability by arriving to work on time and by abiding by the attendance policy and occasionally work past the end of the work shift as needed
    • Be on call for after-hours coverage as listed on a rotation schedule
    • Abide by the company dress code
    • Perform miscellaneous duties as needed.

     

     

    Options

    Sorry the Share function is not working properly at this moment. Please refresh the page and try again later.
    Share on your newsfeed