Senior Cybersecurity Risk Governance Analyst

3 Months ago • 5-8 Years • Cyber Security

Job Summary

Job Description

The Senior Cybersecurity Risk Governance Analyst will advise IT and senior leadership on technology-related compliance with laws, regulations, and industry standards. They will assess changes in the regulatory, business, and technology environment and recommend changes to IT policies and controls. The role involves managing IT audit activities, including coordinating schedules, providing documentation, and negotiating issues. The analyst will perform IT risk and controls assurance assessments and recurring assessments of information security functions, identifying improvement areas. They will develop metrics, mentor team members, and optimize processes. The job description also includes responsibilities like providing expertise in complying with relevant regulations (HIPAA, PCI-DSS, etc.), facilitating IT audits, and assessing internal and third-party technology processes. The analyst needs to have the ability to solve problems with a systematic approach, build relationships, and effectively communicate.
Must have:
  • 5-8 years of experience in information security and IT audit facilitation.
  • Working knowledge of industry standards like NIST Cybersecurity Framework.
Good to have:
  • Experience in cloud-based environments (AWS, Azure, GCP).
  • Understanding of attack vectors and methodologies.
  • CISSP, CISM, CISA, CCSA or equivalent certification preferred.

Job Details

Job Summary:

Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities, including internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries.

Responsibilities:

  • Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR).
  • Facilitate, oversee, and serve as the point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence and documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and tracking progress toward agreed-upon timeframes. Ensure issues are appropriately documented, relevant, and understood.
  • Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts.
  • Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity.
  • Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success.
  • Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables.
  • Continuously look to optimize processes, technology and capabilities through tactical and strategic development.
  • Other duties as assigned.

Knowledge and Skills:

  • Strong analytical skills;
  • Demonstration of ability to solve problems using best practices and a systematic approach;
  • Relationship builder; able to create and maintain a trusted network on all levels;
  • Good communication, influencing and negotiating skills;
  • Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff;
  • Project management and organizational skills;
  • Tactful and diplomatic when engaging with all levels of management, always maintaining a professional demeanor.

Required Experience:

  • 5-8 years direct experience with information security, IT controls assurance and IT audit facilitation
  • Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks.

Preferred Experience:

  • Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment.
  • Understanding of attack vectors and methodologies.
  • Ability to weigh business risks and enforce appropriate information security measures.
  • CISSP, CISM, CISA, CCSA or equivalent certification preferred.

Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate.

GHX: It's the way you do business in healthcare
Global Healthcare Exchange (GHX) enables better patient care and billions in savings for the healthcare community by maximizing automation, efficiency and accuracy of business processes.

GHX is a healthcare business and data automation company, empowering healthcare organizations to enable better patient care and maximize industry savings using our world class cloud-based supply chain technology exchange platform, solutions, analytics and services. We bring together healthcare providers and manufacturers and distributors in North America and Europe - who rely on smart, secure healthcare-focused technology and comprehensive data to automate their business processes and make more informed decisions.

It is our passion and vision for a more operationally efficient healthcare supply chain, helping organizations reduce - not shift - the cost of doing business, paving the way to delivering patient care more effectively. Together we take more than a billion dollars out of the cost of delivering healthcare every year. GHX is privately owned, operates in the United States, Canada and Europe, and employs more than 1000 people worldwide. Our corporate headquarters is in Colorado, with additional offices in Europe.

Disclaimer
Global Healthcare Exchange, LLC and its North American subsidiaries (collectively, “GHX”) provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. All qualified applicants will receive consideration for employment without regard to any status protected by applicable law. This EEO policy applies to all terms, conditions, and privileges of employment, including hiring, training and development, promotion, transfer, compensation, benefits, educational assistance, termination, layoffs, social and recreational programs, and retirement.


GHX believes that employees should be provided with a working environment which enables each employee to be productive and to work to the best of his or her ability. We do not condone or tolerate an atmosphere of intimidation or harassment based on race, color, national origin, sex, sexual orientation, gender identity, religion, age, genetic information, disability, veteran status or any other status protected by applicable law. GHX expects and requires the cooperation of all employees in maintaining a discrimination and harassment-free atmosphere. Improper interference with the ability of GHX’s employees to perform their expected job duties is absolutely not tolerated.

