Grc Analyst Ii

The GRC Analyst will coordinate and independently execute corporate compliance initiatives. This role will work closely with the security and compliance teams and play a key role in implementing and executing RxBenefits compliance vision. The ideal candidate will have strong program and project management skills and high attention to detail with the ability to multi-task.

Essential Job Responsibilities Include:

• Work with RxBenefits teams to identify and maintain a list of high-value assets and their associated threats and vulnerabilities
• Document and maintain processes across the enterprise to reduce security risk; work with partners across the organization to design and mature security controls to support the mitigation of risks
• Perform routine or ad-hoc security risk assessments on various topics as needed or in response to management requests
• Assist in maintaining the GRC platform to document controls, risk information, and other related details
• Produce periodic views/ reports of security risk to inform executives of the health of the program and of the company’s risk position
• Prepare for and assists with responding to internal and external audits
• Evaluates impact of all control deficiencies in an audit, expands and refines control deficiency documentation to drive actionable business impact
• Work with RxBenefits Clients to respond to security questionnaire and/or audit report requests
• Exercises judgment and critical thinking to influence business partners
• Helps business partners balance their business strategy with appropriate risk management controls
• Stay up to date with latest audit and compliance trends
• Manages 3rd party vendor assessment and compliance
• Assist with development of policies, procedures, and standards
• All other duties as assigned

Required Skills / Experience:

• Bachelor’s degree or relevant equivalent experience
• 3+ years of Audit, Risk or Compliance experience
• IT general controls and other IT controls as indicated in NIST, ISO, COBIT and other frameworks
• 3+ years of HIPAA regulatory controls, SSAE, SOC1 and SOC2
• Healthcare industry experience preferred
• Ability to juggle multiple work efforts and to quickly change direction
• Experience working with external audit firms
• Ability to work in a very detailed manner as well as to look broadly across a population and develop connections and themes identifying risk and concerns
• Sound organizational, analytical, oral, and written communication skills – Ability to successfully communicate to influence management and lead change in both strategic and tactical initiatives
• Self-starter, desire to learn, able to teach others, high energy, positive attitude, exhibits flexibility