IT Governance, Risk & Compliance Analyst

United States


Are you motivated to participate in a dynamic, multi-tasking environment? Do you want to join a company that invests in its employees? Are you seeking a position where you can use your skills while continuing to be challenged and learn? Then we encourage you to dive deeper into this opportunity.

We believe in career development and empowering our employees. Not only do we provide career coaches internally, but we offer many training opportunities to expand your knowledge base! We have highly competitive benefits with a variety of HMO and PPO options. We have company 401k match along with an Employee Stock Purchase Program. We have tuition reimbursement, leadership development, and even start employees off with 16 days of paid time off plus holidays. We offer wellness courses and have highly engaged employee resource groups. Come join the Neo team and be part of our amazing World Class Culture!

NeoGenomics is looking for an IT Governance, Risk, and Compliance Analyst who wants to continue to learn in order to allow our company to grow. This is a remote, Monday - Friday day shift.

Now that you know what we're looking for in talent, let us tell you why you'd want to work at NeoGenomics: As an employer, we promise to provide you with a purpose driven mission in which you have the opportunity to save lives by improving patient care through the exceptional work you perform. Together, we will become the world's leading cancer reference laboratory.

Position Summary: The IT Governance, Risk, & Compliance (GRC) Analyst will be responsible for partnering with IT & Business Leadership to develop, implement, maintain, and mature the GRC Program. A successful candidate has a high degree of proficiency with compliance and security framework standards, including US and International security laws, regulations, and industry best practices. Must have demonstrated background and experience with audit processes and IT security risk assessment programs.

Core Responsibilities:
  • Support our information security program to ensure consistent, effective practices which minimize risk and ensure the confidentiality, integrity, and availability of organizational assets.
  • Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
  • Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light. Provide guidance, evaluation and advocacy on audit responses.
  • Provide support to the NeoGenomics GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, and Compliance Management.
  • Evaluate whether appropriate administrative, technical, and physical controls are in place and aligned with the organization's business needs and strategic direction relating to security and compliance.
  • Collaborate with different departments in the analysis of, response to, and document packages for RFPs and security questionnaires as required by clients of NeoGenomics business units.
  • Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements as well as promote good information security practices.
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams.
  • Conduct formal risk analysis and self-assessment programs for various NeoGenomics brands and the associated information services systems, processes, and infrastructure.
  • Facilitate audit engagement, data/artifact collection, exception remediation and monitoring.
  • Supply the design, implementation, and optimization of the GRC application or solutions.
  • Supply maintenance and updates of the library of information security control standards and procedures based on Information Security policies, procedures, and standard methodologies.
  • Maintain an up-to-date understanding of emerging trends in information security risks; apply new techniques and trends, in line with overall information security objectives and risk tolerance.
  • Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify the impact on the business and its security posture.
Education, Experience & Qualifications:
  • Bachelor’s degree in Computer Science or technical related field is helpful.
  • 3+ years relevant experience in one or more functions: information technology, software engineering, or computer networking.
  • 3+ years relevant experience in one or more functions: risk management, audit, compliance, or privacy preferred.
  • 3+ years in heavily regulated industry preferred.
  • Knowledge of compliance and security framework standards such as ISO 27000, PCI, HIPAA, HITECH, SOC, SOX, 21 CFR 11, CAP, CLIA, NIST, COBIT, and GDPR preferred.
  • Certifications: Certified Risk and Information Systems Control (CRISC), or Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM) preferred.
  • Ability to communicate technical information clearly and concisely to non-technical individuals.
  • Strong organizational skills, attention to detail, and follow-up skills.
  • Ability to handle stressful situations and demonstrate a potential for strong analytical skills.
  • Work in compliance with safety policies and standards outlined in the Safety Manual.
  • Some travel required.

Tags: CISA CISM COBIT Compliance Computer Science CRISC GDPR Governance HIPAA ISO 27000 Monitoring Network security NIST Privacy Risk analysis Risk assessment Risk management SOC SOX Vendor management

Perks/benefits: 401(k) matching Career development Equity / stock options Startup environment Wellness

Region: North America
Country: United States
