| |
| The Governance, Risk & Compliance (GRC) Analyst - Intermediate will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving cybersecurity risk. This includes helping the organization manage HITRUST, HIPAA and NIST Common Security Framework (CSF) audits and attestations. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI-DSS, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to managing the organization?s IT compliance program. |
| |
Lead the execution and reporting of outcomes derived from Third Party Risk Assessments.
Manage the completion of risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST and HITRUST standards.
Manage and monitor a central repository for all security risks and audit evidence.
Maintain security standards, policies, and practices on an annual basis to make sure they meet organizational and regulatory requirements.
Manage a security awareness training program in order to educate associates about security compliance standards, risk management practices, and ethical behavior.
Collaborate with legal and compliance teams to ensure policies and security controls align with regulatory requirements.
Conduct internal audits to assess the effectiveness of security controls and identify areas for improvement.
Performs other duties as assigned. |
| EDUCATION: |
| Required: Bachelor's Degree and/or equivalent experience |
| EXPERIENCE: |
| Required: 5 years |
| LICENSURE/CERTIFICATION/REGISTRY/LISTING: |
| Required: Certified Information Systems Auditor (CISA) - Obtain within 12 months. |
Equal Opportunity Employer At Cone Health, we strive to create a welcoming atmosphere that celebrates a diverse and unique workforce. We believe in offering equal opportunities for employment to all applicants and employees, regardless of their race, religion, age, sex, sexual orientation, gender identity, veteran's status, ethnicity, national origin, disability, color, or any other characteristic protected by law. Our hiring and employment choices are based on each individual's qualifications, skills and performance. We believe that by embracing the diversity of our team, we can better serve our patients, communities and each other.
|
Cone Health
Jul 30, 2025