Sr. GRC Security Analyst (remote)

Work From Home, United States


At Claritev, we pride ourselves on being a dynamic team of innovative professionals. Our purpose is simple - we strive to bend the cost curve in healthcare for all. Our dedication to service excellence extends to all our stakeholders – internal and external - driving us to consistently exceed expectations. We are intentionally bold, we foster innovation, we nurture accountability, we champion diversity, and empower each other to illuminate our collective potential.

Be part of our amazing transformational journey as we optimize the opportunity towards becoming a leading technology, data, and innovation voice in healthcare. Onward and Upward!!!

 

JOB SUMMARY: This role will support leadership in all aspects of leading vendor and risk management programs, such as audits, risk assessments, vendor management, policy management, and security awareness. Working closely with various business units (Legal, Finance, Operations) and IT stakeholders across the organization, this position will be responsible for executing and maturing the program.

 

DUTIES:

  1. Serve as a trusted advisor and subject matter expert, providing IT risk management services to IT team members and guidance to IT subject matter experts on audit and assessment requests. Support GRC leader to build GRC strategy and multi-year roadmaps to mature Claritev’s GRC function.
  2. Collaborate with other members of the risk management team to develop standards and processes that serve to protect the confidentiality, integrity, and availability of Claritev data.
  3. Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver the best work and develop their professional skills.
  4. Provide technical leadership to build GRC’s capabilities such as risk management, vendor security assessment, and our compliance program.
  5. Drive efforts with IT stakeholders, and internal and external auditors to ensure regulatory compliance with SOC1, SOC2, SOX, and HITRUST as well as compliance with our policies and standards.
  6. Assist with audits and reviews of assigned business processes to evaluate the adequacy of controls within IT, report on findings, and make recommendations for correcting weaknesses and improving operations.
  7. Drive ongoing security assessments to enable Claritev to identify, assess, treat, and monitor cybersecurity risks.
  8. Manage and mature the overall process to intake and respond to client security requests (i.e., questionnaires).
  9. Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across IT Departments.
  10. Conduct information security assessments of third-party vendors to determine their ability to protect Claritev data.
  11. Work with business owners to develop plans to remediate identified vendor risks and vulnerabilities, negotiate dates for completion of remediation tasks, and track and report on progress on remediation of identified vendor risks and vulnerabilities.
  12. Build a risk-aware culture by maturing existing risk management processes to monitor, track, measure, and report cyber risks.
  13. Collaborate, coordinate, and communicate across disciplines and departments.
  14. Ensure compliance with HIPAA regulations and requirements.
  15. Demonstrate Company’s Core Competencies and values held within.
  16. The position responsibilities outlined above are in no way to be construed as all encompassing.  Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

 

JOB SCOPE:

In this role, your foundational knowledge, skills, abilities, and personal attributes are anchored in the following:

  • Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks, developing mitigation strategies, and taking ownership of the outcome.
  • Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what’s in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
  • Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
  • Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
  • Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.

Qualifications

REQUIREMENTS (Education, Experience, and Training):

  • At least 5 years' experience directly in cybersecurity fields, with a demonstrated track record of leading complex GRC projects in at least two of the following areas: cyber risk management, vendor security management, policy & compliance, security awareness and communication.
  • A deep understanding of risk assessment methodology, NIST CSF, HITRUST, HIPAA, and associated security and privacy rules.
  • Strong knowledge and experience with operational risk management, covering the full lifecycle of activities, including risk identification, assessment, mitigation, monitoring, and reporting.
  • Functional knowledge of security domains and information security industry standards and best practices.
  • Strong knowledge of third-party assessments, IT risk management, regulatory requirements and compliance and overall business processes, controls and risk exposure.
  • Ability to identify and recommend tools, processes, and software to automate and continuously improve security and compliance practices.
  • Previous experience with GRC solutions – Onspring, Archer, Lockpath, LogicGate, etc.
  • Technical understanding of cloud-based security in an AWS environment.
  • CISSP, CISA, CISM, CRISC certifications are a plus.
  • Ability to maintain confidentiality of information.
  • Ability to work independently as well as within a team and with client users.
  • Ability to organize, prioritize, and coordinate multiple work activities and meet target deadlines.
  • Ability to be flexible when there are schedule or priority changes and last-minute requests.
  • Ability to travel as needed to Company locations and third-party locations within the US.
  • Required licensures, professional certifications, and/or Board certifications as applicable

 

COMPENSATION

The salary range for this position is $130K-145K. Specific offers take into account a candidate’s education, experience and skills, as well as the candidate’s work location and internal equity. This position is also eligible for health insurance, 401k and bonus opportunity.

 

BENEFITS

We realize that our employees are instrumental to our success, and we reward them accordingly with very competitive compensation and benefits packages, an incentive bonus program, as well as recognition and awards programs.  Our work environment is friendly and supportive, and we offer flexible schedules whenever possible, as well as a wide range of live and web-based professional development and educational programs to prepare you for advancement opportunities.

 

Your benefits will include:

  • Medical, dental and vision coverage with low deductible & copay
  • Life insurance
  • Short and long-term disability
  • Paid Parental Leave
  • 401(k) + match
  • Employee Stock Purchase Plan
  • Generous Paid Time Off – accrued based on years of service
    • WA Candidates: the accrual rate is 4.61 hours every other week for the first two years of tenure before increasing with additional years of service
  • 10 paid company holidays
  • Tuition reimbursement
  • Flexible Spending Account
  • Employee Assistance Program
  • Sick time benefits – for eligible employees, one hour of sick time for every 30 hours worked, up to a maximum accrual of 40 hours per calendar year, unless the laws of the state in which the employee is located provide for more generous sick time benefits

 

EEO STATEMENT

Claritev is an Equal Opportunity Employer and complies with all applicable laws and regulations.  Qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability or protected veteran status.  If you would like more information on your EEO rights under the law, please click here.

 

APPLICATION DEADLINE

We will generally accept applications for at least 15 calendar days from the posting date or as long as the job remains posted.

 


Tags: Audits AWS CISA CISM CISSP Cloud Compliance CRISC Finance HIPAA HITRUST Monitoring NIST Privacy Risk assessment Risk management Security assessment SOC 1 SOC 2 SOX Strategy Travel Vendor management Vulnerabilities

Perks/benefits: 401(k) matching Career development Competitive pay Equity / stock options Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Parental leave Salary bonus Team events

Regions: Remote/Anywhere North America
Country: United States
