Information Security GRC Analyst III

📋 Description

• Oversaw daily operations and managed both short-term and long-term information security risks to ensure activities remain within risk tolerance and comply with approved risk management policies, procedures, and limits.

• Assessed, tracked, and reported on information security risks.

• Evaluated and reported on vendor and third-party risks to support vendor risk management efforts.

• Collaborated with staff and/or vendors to formulate information security risk mitigation strategies for risks identified in vendor risk assessments.

• Monitored and reported on the execution of information security risk mitigation plans to ensure timely implementation.

• Involved employees in managing information security risks and ensured they understand their responsibilities regarding information security risk management.

• Conducted regular assessments and reported to management any deviations from information risk management policies, procedures, and limits.

• Coordinated with the Enterprise Risk Management office to ensure that information risk management policies, procedures, and limits align with Enterprise Risk Management policies and guidelines.

• Contributed to the development of operational department objectives.

• Served as a technical expert in the functional domain.

• Suggested technological improvements to enhance the experiences of CareSource customers and partners.

• Executed any other job-related tasks as assigned.

⛳️ Requirements

• Bachelor's Degree or equivalent relevant work experience is mandatory.

• At least seven (7) years of pertinent work experience is required.

• Capability to effectively prioritize and execute tasks while functioning both independently and within a team-oriented, collaborative environment.

• Strong interpersonal abilities, including excellent written and verbal communication, listening and critical thinking, as well as presentation and facilitation skills.

• Ability to build effective working relationships with stakeholders at all levels.

• Adaptability during organizational and/or business transitions.

• Competence in managing multiple projects while demonstrating a sense of urgency.

• Effective problem-solving skills with a keen attention to detail.

• Practical technical knowledge/experience in areas such as IT Audit, application, server, and network security, monitoring security events, supporting incident response activities, Sarbanes-Oxley (SOX) compliance, Microsoft Office, Access Management/Authentication and Authorization, security monitoring, data encryption, computer networking security, internet protocols (SSL, IPSEC, TCP/IP), Windows Operating System, and project management.

• Certification in Risk and Information System Control (CRISC) or System Security Certified Practitioner (SSCP) is preferred.

🏝️ Benefits

• A substantial and comprehensive total rewards package.

• Bonus linked to company and individual performance.