IT Security Governance Analyst

Post Date

Oct 09, 2023

Location

Glen Allen, Virginia

ZIP/Postal Code

23060
US
Sep 14, 2025 Insight Global

Job Type

Perm

Category

Security Engineering

Req #

RIC-656448

Pay Rate

$76k - $114k (estimate)

Job Description

Under general supervision of the Sr. Manager, Cyber & Privacy Governance, the IT Security Governance Analyst is a front-line member of the IT Security Program team responsible for the overall management of the IT Security Program. The IT Security Governance Analyst is responsible for supporting internal, external, and client audits, managing security risks within a GRC solution, and assessing security-related risks associated with third parties.

Essential Duties and Responsibilities

* Assist in developing checklists, programs, and/or guidelines to support Security Governance processes.

* Support auditors, including advising on scope, training of staff, interpretation of control requirements, and gathering of artifacts.

* Coordinate Internal/External audit artifact requests and meetings.

* Oversee the gathering and reporting of metrics related to audit support, including remediation of audit findings and potential audit impacts.

* Assist in the creation of security risk and metric reports provided to management.

* Gather client requirements and data which may include site surveys and system evaluations.

* Assist in managing the ongoing due diligence process of third-party oversight.

* Perform other related duties, as required by the Sr. Manager, Cyber & Privacy Governance.

Required Skills & Experience

* 3-5 years - Knowledge of IT Audit techniques and industry standards.

* 3-5 years - Knowledge of PCI-DSS, SOC 2 Type 2, HIPAA, ISO 27001:2022 (to name a few) standards and guidelines.

* Strong analytical and technical skills.

* 3-5 years - Knowledge of information security standards, including CIS Critical controls and the NIST Cybersecurity Framework (to name a few).

* Ability to systematically assess a problem or situation to identify probable causes and solutions accurately.

* Understanding of a broad range of IT disciplines that would impact overall security posture.



* Bachelor's degree in Computer Science, Information Systems, or Cyber Security preferred; or CISSP, CISM equivalent.

* 3+ years' experience in Information Security, particularly GRC scope.

* PREFERRED HEALTHCARE EXPERIENCE: 3-5 years' experience exclusively in well-established Health Plan and Health Provider Organization(s) focused on Information Security (e.g. Anthem).

* Experience with ticketing systems; some experience with ServiceNow is PREFERRED.

* Experience with office productivity, reporting, and technical documentation software

* Exposure to systems monitoring tools and logging tools.

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.