Governance Risk and Compliance Specialist

Job Description

The Governance, Risk, and Compliance (GRC) Specialist role is responsible for assisting in the implementation and maintenance of the organization's governance, risk management, and compliance programs. This includes supporting the development of policies and procedures, conducting basic risk assessments and audits, helping to ensure that the organization is compliant with relevant laws, regulations, and standards. This role often involves collaborating with other departments to gather and analyze compliance data and contributing to the preparation of reports and documentation related to GRC activities.

• Participate in the development and maintenance of the organization's risk register.
• Assist in conducting basic risk assessments to identify potential threats and vulnerabilities.
• Contribute to third-party risk management by supporting vendor assessments and evaluations.
• Help in tracking and documenting remediation efforts for identified risks.
• Participate in security auditing processes under the guidance of senior staff.
• Assist in analyzing the risk associated with new applications and provide input for approvals.
• Support the maintenance of compliance documentation and reports.
• Contribute to security awareness initiatives within the organization.
• Assist in ensuring compliance with relevant regulations and standards.
• Support senior GRC team members in various GRC projects and tasks.
• Effectively communicate with team members to understand and support GRC initiatives.
• Demonstrate basic knowledge of security procedures and document activities accurately.
• Participate in team meetings, contributing insights on GRC matters.
• Develop foundational skills in interpreting and adhering to security policies.
• Exhibit a proactive approach to learning and understanding GRC best practices.
• Demonstrate strong analytical and problem-solving skills.
• Support the development, implementation, and maintenance of a comprehensive business continuity and disaster recovery plan to ensure uninterrupted delivery of critical healthcare services during emergencies.
• Help with Business Impact Assessments (BIAs) to aid in prioritizing recovery strategies for our systems.
• Assist the clinical and administrative teams to design and test BCP and DR procedures that comply with HIPAA regulations and related healthcare industry standards through disaster recovery drills and tabletop exercises.
• Support training and awareness programs for staff on business continuity protocols and their roles in maintaining operational awareness.
• Show exceptional attention to detail.

• Associate’s degree and one (1) year of progressively responsible experience in IT or cybersecurity roles or three (3) years of progressively responsible experience in IT or cybersecurity roles.
• Familiarity with basic cybersecurity risk concepts and tools.

• Bachelor’s degree in Cybersecurity, Information Technology, or a related field.
• Three (3) years of progressively responsible experience in security governance, risk, or audit focused roles.
• CompTIA Security+ or equivalent cybersecurity certification.
• Practical experience with ERM tools and third-party risk management.
• Exposure to Business Continuity Planning, Disaster Recovery Planning, Business Impact Assessments and Continuity of Operations Plan (COOP) in a healthcare setting.
• Exposure to healthcare and education security frameworks (NIST, HIPAA, HITRUST, GLBA).

Salary Range: $83,588-$ / Year