Information Security GRC Analyst III

Job Summary

The Information Security GRC Analyst III manages day-to-day and long-term information security risks, ensuring activities are within risk tolerance and comply with approved risk management policies, procedures and limits.

• Measure, monitor, and report on information security risks.
• Review and report on vendor/third‑party risk to support vendor risk management activities.
• Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in vendor risk reviews.
• Monitor and report on information security risk mitigation plans to ensure timely execution.
• Engage employees in the management of information security risk and ensure they are aware of their accountabilities regarding information security risk management.
• Regularly assess and report to management any exceptions to information risk management policies, procedures and limits.
• Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with Enterprise Risk Management policies and guidance.
• Contribute and provide input to the development of operational department goals.
• Act as a technical expert in the functional domain.
• Recommend technical advancements to improve Care Source customer and partner experiences.
• Perform any other job‑related instructions as requested.

Bachelor’s Degree or equivalent experience required. Minimum of seven (7) years of relevant work experience is required.

• Ability to effectively prioritize and execute tasks while working independently and in a team‑oriented, collaborative environment.
• Strong interpersonal skills including excellent written and verbal communication skills; listening and critical thinking; presentation, facilitation skills.
• Ability to establish effective working relationships with stakeholders at all levels.
• Flexibility during organizational and/or business changes.
• Ability to manage multiple projects while demonstrating a sense of urgency.
• Effective problem‑solving skills with attention to detail.
• Working technical knowledge/experience of IT Audit, application, server, and network security; monitoring security events and supporting incident response activities;
  Sarbanes‑Oxley (SOX) compliance;
  Microsoft Office;
  Access management/authentication and authorization; security monitoring; data encryption; computer networking security; internet protocols (SSL, IPSEC, TCP/IP);
  Windows operating system; project management.

Certified in Risk and Information System Control (CRISC) or System Security Certified Practitioner (SSCP) preferred.

General office environment; may be required to sit or stand for extended periods of time.

$94,100.00 – $. Care Source offers a substantial and comprehensive total rewards package, and you may qualify for a bonus tied to company and individual performance.

Care Source is an Equal Opportunity Employer.

This job description is not all inclusive. Care Source reserves the right to amend this job description at any time.