Address
Form of work
SalaryMosaic Life Care is a health care system in northwest Missouri. With a vision of transforming community health by being a life-care innovator, Mosaic places the holistic needs of patients first by providing the right care at the right time and place, offering high value and quality health care.
Mosaic has a wide array of benefits to meet each employee’s individual needs. Our benefits were designed by listening to people just like you. Mosaic also offers several perks with a focus on ensuring our employees feel valued, including concierge services, employee lounge, wellness programs, free covered parking, free on-site and virtual health clinics and many more. When paired with compensation and recognition, it is what continues to make us the employer of choice for employees at any stage of their journey.
Details
- Remote - GRC Analyst II
- IT Cybersecurity
- Full Time Status
- Day Shift
- Pay: $78041 - $117062 / year
Summary
- Remote work is permitted in the following states: Alabama, Colorado, Florida, Georgia, Idaho, Iowa, Kansas, Indiana, Kentucky, Minnesota, Missouri, Mississippi, Nebraska, North Carolina, Oklahoma, South Carolina, Tennessee, Texas, Utah, and Virginia.
- The purpose of the Cybersecurity Governance Risk and Compliance (GRC) Analyst II position is to support the Cyber Security team for Mosaic Life Care. The Cybersecurity GRC Analyst II will report to the Cybersecurity Director. This program is responsible for developing, implementing, and assisting in managing critical GRC programs to identify and mitigate security risks and protect valuable and sensitive information and assets within the organization.
The expectations for this position are: - Assists in the execution of the GRC strategy to ensure security risks are identified and reported.
- Assists in the execution of the GRC strategy to ensure security risks are identified and reported.
- Identifies security design gaps in existing/proposed programs and processes as well as recommends changes/enhancements.
- Responsible for the interpretation and enforcement of cyber security policies, standards, and standard operating procedures.
- Develops, implements, and reports on key security risk and compliance metrics.
- Helps establish risk assessment and analyses remediation plan recommendations and proactively tracks progress of remediation efforts to ensure open issues/risks are addressed as agreed.
- Manages 3rd-party supplier security assessments to ensure assessments are completed during the pre-contracting phase, risk-level are appropriately assigned, and issues and findings are tracked and managed to closure.
- Supports the development and maintenance of the GRC strategy to ensure HIPAA Security Rule, NIST, PCI, and other audit requirements to report on the state of compliance and to ensure remediation is prioritized appropriately.
- Will assist in the evaluation and implementation of new security solutions and technologies as needed.
- Ability to analyze data and communicate risk to non-technical consumers.
Duties
- Responsible for establishing effective working relationships with Compliance, System Administrators, Application teams, as well as external teams to support and execute the Cybersecurity GRC strategy.
- Understand Mosaic’s technology environment to identify points of weakness and opportunities for solutions.
- Manages the Cyber Security Risk Register and internal and external security assessments and analyses remediation requirements
- Responsible for the development and maintenance of standard operating procedures GRC processes and programs.
- Supports the annual HIPAA Security Risk Assessment process and reporting.
- Participate in the annual PCI compliance program to assess credit card processing systems and processes and report compliance status.
- Conduct 3rd party cybersecurity risk assessments to measure and manage 3rd party risk.
- Support the cybersecurity risk assessment process for mergers and acquisitions to ensure appropriate cybersecurity controls are in place. Support the development of cybersecurity key risk indicators metrics.
- Support the development and implementation of Cybersecurity Awareness Training for caregivers.
- Proactively identifies and reports process improvements to ensure cybersecurity standards and SLAs are met.
- Participate in root cause analysis to determine improvement strategies for identified risks. Drive and participate in the reduction of enterprise and organizational cybersecurity risk.
- Educates caregivers on security awareness and related cybersecurity standards.
- Other duties as assigned
Qualifications
- All required education is a minimum requirement. Higher levels of education are acceptable. H.S. Diploma- High school diploma or GED equivalent required. Bachelor's Degree- Computer Science, Data Processing or related field is preferred. Vendor training in software and hardware products is required.
- CISSP - Cert Information Systems Security Prof. preferred. COMPTIA Network+, Security+, SANS/GIAC is preferred
- 2 Years - To be considered for a mid-level cybersecurity engineer position an individual should have job related experience is required.
- 3 Years - Experienced cybersecurity analyst requirements would consist of having job related experience; advanced training in security concepts such as risk management, CISA or similar certificates, is preferred.
