Governance, Risk, & Compliance Analyst IV

WA Mountlake Terrace Orcas, United States

āš ļø We'll shut down after Aug 1st - try foošŸ¦ for all jobs in tech āš ļø

Apply now Apply later

Workforce Classification:

Hybrid



Join Our Team: Do Meaningful Work and Improve People’s Lives

Our purpose, to improve customers’ lives by making healthcare work better, is far from ordinary. And so are our employees. Working at Premera means you have the opportunity to drive real change by transforming healthcare.

To better serve our customers, we are fostering a culture that emphasizes employee growth, collaborative innovation, and inspired leadership. We are dedicated to creating an environment where employees can excel and where top talent is attracted, retained, and thrives. As a testament to these efforts, Premera has been recognized on the 2025 America's Dream Employers list. Newsweek honored Premera as one of America's Greatest Workplaces, America's Greatest Workplaces for Inclusion, and America's Greatest Workplaces For Mental Well-Being. Forbes ranked Premera among America’s Best Midsize Employers for the fourth time.

Learn how Premera supports our members, customers and the communities that we serve through our Healthsource blog: https://healthsource.premera.com/.

About the role of Governance, Risk and Compliance Analyst, IV

The Governance, Risk, and Compliance (GRC) Analyst IV is a senior member of the IT Risk team, championing GRC initiatives across Premera operations, and reports to the Manager of IT Risk, Cyber Risk Management. Possessing a strong sense of urgency, the GRC Analyst IV is instrumental in safeguarding protected data (PHI/PPI), aligning with multiple healthcare regulations, and fortifying risk management strategies. This position is responsible for owning a service within IT Risk and would provide coverage for other services within the capability. This position requires using critical thinking and influencing skills and leadership experience to ensure the operating effectiveness and maturity of their service. The role is key in educating Premera in the areas of IT Risk, IT Controls, and/or IT Resilience, and may be called upon to present evidence of effectiveness to auditors and regulators. This Analyst requires excellent written communications and public speaking skills and should be comfortable making presentations to all levels of staff across the organization.

What you’ll do:

  • Lead risk assessments and compliance audits aligned with healthcare regulations (e.g., HITRUST, NIST 800-53, HIPAA, SOC1/SOC2).
  • Develop, implement, and maintain GRC frameworks and programs to support organizational objectives.
  • Lead internal risk assessments and compliance audits across departments, providing data to leadership for risk-based decision making.
  • Develop and enforce GRC frameworks tailored to Premera operations, systems, and third-party platforms.
  • Monitor, analyze, and report on regulatory changes and industry standards for.
  • Provide training and guidance to business units on governance, risk management, and compliance requirements.
  • Assist in incident response, including breach assessments and HIPAA violation reporting, and post-incident reviews for compliance implications.
  • Engage customers, community and managers at all levels to identify and understand key business issues and objectives, evaluate changes for organizational impacts and recommend an action plan as needed to remain in compliance with Premera Controls.
  • Facilitate cross-functional teams in designing service solutions which incorporate IT Risk.
  • Lead and perform complex problem and workflow analysis, drawing conclusions and recommending resolution opportunities.
  • Research, inform and recommend opportunities to apply business and technology solutions to areas of assigned responsibilities.
  • Develop and present material to Employees, Managers and Executives.
  • Positively influence stakeholders towards achieving the right outcomes.
  • Provide mentorship and direction to less experienced team members.
  • Apply an advanced understanding of the HITRUST framework.
  • Own and drive a service in the IT Risk & Resilience capability, such as:
    • Policies, Procedures and Standards management
    • Risk Management Process
    • IT Controls Design and Monitoring
    • IT Controls Compliance
    • Vendor Security

What you’ll bring:

  • Bachelor's degree or four (4) years’ work experience. (Required)
  • Five (5) years in an IT environment. (Required)
  • Two (2) years’ influencing decisions on technology and process. (Required)
  • Ability to perform risk assessment. (Preferred)
  • Audit and controls experience. (Preferred)
  • Experience with HITRUST Security Framework and Assessment. (Preferred)
  • IT experience in healthcare. (Preferred)
  • Demonstrated understanding of health plan operations and applicable security & privacy legislation.
  • Knowledge of business continuity planning practices.
  • Knowledge of applicable practices and laws relating to data privacy and protection.
  • Ability to cross-train with team members, as well as the ability to learn other services’ operations.
  • Track record of consistently driving projects to completion and taking accountability for work and results. Confronts tough issues and situations. Exemplifies teamwork and serves as role model, while also successfully facilitating collaboration across multiple functions, departments, and levels. Unquestionable ethics and integrity are pertinent.
  • Consults with clients and teammates to identify all facets of an issue and generate a solution. Understands potential impacts to processes and systems across organization and factors these into solutions. Excellent conceptualization, analytical and logic skills.
  • Ability to communicate effectively and professionally, both orally and in writing, as well as the ability to articulate and translate technical language to non-technical customers. Influence at all levels across the company within span of control.
  • Exhibit skills of leadership and be able to perform duties with little or no supervision.
  • Critical thinking and problem-solving skills
  • Adaptable to constant change

Working Environment
Work is performed within a normal office environment with ambient temperature.

Physical Requirements
The following have been identified as essential physical requirements of this job and must be performed with or without an accommodation:

  • This is primarily a sedentary role which requires the ability to exert up to 10 lbs. of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull, or otherwise move objects, including the human body.
  • This role requires the ability to keyboard and to communicate clearly and understandably in person and over the telephone.

Premera total rewards

Our comprehensive total rewards package provides support, resources, and opportunities to help employees thrive and grow. Our total rewards are more than a collection of perks, they're a reflection of our commitment to your health and well-being. We offer a broad array of rewards including physical, financial, emotional, and community benefits, including:

  • Medical, vision, and dental coverage with low employee premiums.

  • Voluntary benefit offerings, including pet insurance for paw parents.

  • Life and disability insurance.

  • Retirement programs, including a 401K employer match and, believe it or not, a pension plan that is vested after 3 years of service.

  • Wellness incentives with a wide range of mental well-being resources for you and your dependents, including counseling services, stress management programs, and mindfulness programs, just to name a few.

  • Generous paid time off to reenergize.

  • Looking for continuing education? We have tuition assistance for both undergraduate and graduate degrees.

  • Employee recognition program to celebrate anniversaries, team accomplishments, and more.

For our hybrid employees, our on-campus model provides flexibility to create your own routine with access to on-site resources, networking opportunities, and team engagement.

  • Commuter perks make your trip to work less impactful on the environment and your wallet.

  • Free convenient on-site parking.

  • Subsidized on-campus cafes make lunchtime connections with colleagues fun and affordable.

  • Participate in engaging on-site activities such as health and wellness events, coffee connects, disaster preparedness fairs and more.

  • Our complementary fitness & well-being center offers both in-person and virtual workouts and nutritional counseling.

  • Need a brain break? Challenge someone to a game of shuffleboard or ping pong while on campus.

Equal employment opportunity/affirmative action:

Premera is an equal opportunity/affirmative action employer. Premera seeks to attract and retain the most qualified individuals without regard to race, color, religion, sex, national origin, age, disability, marital status, veteran status, gender or gender identity, sexual orientation, genetic information or any other protected characteristic under applicable law.

If you need an accommodation to apply online for positions at Premera, please contact Premera Human Resources via email at careers@premera.com or via phone at 425-918-4785.

The pay for this role will vary based on a range of factors including, but not limited to, a candidate’s geographic location, market conditions, and specific skills and experience.

The salary range for this role is posted below; we generally target up to and around the midpoint of the range.

National Plus Salary Range:

$131,900.00 - $224,200.00

*National Plus salary range is used in higher cost of labor markets including Western Washington and Alaska.

We’re happy to discuss compensation further during the interview because we believe that open communication leads to better outcomes for all. We’re committed to creating an environment where all employees are celebrated for their unique skills and contributions.


Tags: Audits Compliance Governance HIPAA HITRUST Incident response Monitoring NIST NIST 800-53 Privacy Risk assessment Risk management SOC 1 SOC 2

Perks/benefits: 401(k) matching Career development Health care Insurance Team events Travel Wellness

Region: North America
Country: United States
