The GRC Analyst will coordinate and independently execute corporate compliance initiatives. This role will work closely with the security and compliance teams and play a key role in implementing and executing RxBenefits' compliance vision. The ideal candidate will have strong program and project management skills and high attention to detail with the ability to multi-task.
Essential Job Responsibilities Include:
- Work with RxBenefits teams to identify and maintain a list of high-value assets and their associated threats and vulnerabilities
- Document and maintain processes across the enterprise to reduce security risk; work with partners across the organization to design and mature security controls to support the mitigation of risks
- Perform routine or ad-hoc security risk assessments on various topics as needed or in response to management requests
- Assist in maintaining the GRC platform to document controls, risk information, and other related details
- Produce periodic views/reports of security risk to inform executives of the health of the program and of the company’s risk position
- Prepare for and assist with responding to internal and external audits
- Evaluate the impact of all control deficiencies in an audit; expand and refine control deficiency documentation to drive actionable business impact
- Work with RxBenefits Clients to respond to security questionnaire and/or audit report requests
- Exercise judgment and critical thinking to influence business partners
- Help business partners balance their business strategy with appropriate risk management controls
- Stay up to date with the latest audit and compliance trends
- Manage 3rd-party vendor assessment and compliance
- Assist with development of policies, procedures, and standards
- All other duties as assigned
Required Skills / Experience:
- Bachelor’s degree or relevant equivalent experience
- 3+ years of Audit, Risk or Compliance experience
- IT general controls and other IT controls as indicated in NIST, ISO, COBIT and other frameworks
- 3+ years of HIPAA regulatory controls, SSAE, SOC1 and SOC2
- Healthcare industry experience preferred
- Ability to juggle multiple work efforts and to quickly change direction
- Experience working with external audit firms
- Ability to work in a very detailed manner as well as to look broadly across a population and develop connections and themes identifying risk and concerns
- Sound organizational, analytical, oral, and written communication skills – Ability to successfully communicate to influence management and lead change in both strategic and tactical initiatives
- Self-starter, desire to learn, able to teach others, high energy, positive attitude, exhibits flexibility