Information Security GRC Analyst IV

Dayton WFH, United States

Job Summary:

The Information Security GRC Analyst IV manages day-to-day, short-term, and long-term information security risk and compliance programs. They also ensure activities are within risk tolerance and in compliance with approved policies, procedures, and standards.

Essential Functions:

  • Collaborate with key stakeholders and customers in the execution of the processes and controls related to information security risk and compliance to protect business interests and achieve business goals
  • Responsible for the measurement, monitoring, communicating, and reporting of cybersecurity risk, security metrics, risk mitigation plans, and status of execution of strategic and tactical plans
  • Regularly assess and report to management any exceptions to information risk management policies, procedures, and standards
  • Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified
  • Design, review, mature, and manage a framework of internal IT controls sufficient to effectively protect the confidentiality, integrity, and availability of information assets critical to the business, maintaining robust evidence of controls and representing these records to internal and external auditors and regulators
  • Serve as the primary point of contact and liaison between any internal or external auditors and regulators for the purpose of facilitating IT audits and assessments, minimizing the impact and disruption to IT personnel
  • Work with the department leadership in establishing security strategy, goals, and objectives
  • Facilitate overall analysis, design, artifacts, and technical requirements validation for strategic initiatives
  • Act as an expert in the functional domain
  • Build employee knowledge and skills in specific areas of expertise
  • Oversee and provide guidance on all aspects associated with enhancement or project work
  • Demonstrate business and technical acumen proficiency
  • Deliver engaging, informative, and well-organized presentations
  • Effectively execute and communicate change management
  • Perform any other job-related instructions as requested

Education and Experience:

  • Bachelor’s degree or equivalent years of relevant work experience required
  • Master’s degree is preferred
  • Minimum of ten (10) years of IT, IT Risk, or Security experience is required
  • Minimum of five (5) years of Security Risk or Program Management experience preferred

Competencies, Knowledge and Skills:

  • Ability to effectively prioritize and execute tasks while working both independently and in a team-oriented, collaborative environment
  • Strong interpersonal skills, including excellent written and verbal communication, listening, critical thinking, presentation, and facilitation skills
  • Strong organizational skills to help prioritize and manage workload
  • Ability to establish effective working relationships with stakeholders at all levels
  • Flexibility during organizational and/or business changes
  • Ability to manage multiple projects while demonstrating a sense of urgency
  • Effective problem-solving skills with attention to detail
  • Effectively disseminates information to appropriate audiences verbally and in writing
  • Ability to actively foster appropriate level of participation within teams and gather essential input to enable decision-making
  • Working technical knowledge/experience of the following:
    • IT Audit/Compliance/Risk
    • Security Management
    • Project/Program Management

Licensure and Certification:

  • Certifications in Information Security, such as CISSP, CRISC, SSCP, CISA, CISM preferred
  • Project Management Professional (PMP) preferred

Working Conditions:

  • General office environment; may be required to sit or stand for extended periods of time

Compensation Range:

$110,800.00 - $193,800.00

CareSource takes into consideration a combination of a candidate’s education, training, and experience as well as the position’s scope and complexity, the discretion and latitude required for the role, and other external and internal data when establishing a salary level. In addition to base compensation, you may qualify for a bonus tied to company and individual performance. We are highly invested in every employee’s total well-being and offer a substantial and comprehensive total rewards package.

Compensation Type (hourly/salary):

Salary

Organization Level Competencies

  • Create an Inclusive Environment

  • Cultivate Partnerships

  • Develop Self and Others

  • Drive Execution

  • Influence Others

  • Pursue Personal Excellence

  • Understand the Business


 

This job description is not all inclusive. CareSource reserves the right to amend this job description at any time. CareSource is an Equal Opportunity Employer. We are dedicated to fostering an inclusive environment that welcomes and supports individuals of all backgrounds.

Tags: Audits CISA CISM CISSP Compliance CRISC Monitoring Risk management Security strategy SSCP Strategy

Perks/benefits: Salary bonus

Regions: Remote/Anywhere North America
Country: United States
