×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security Data Security IT Consultant

Information Security Governance Risk and Compliance Analyst

Job in Okemos, Ingham County, Michigan, 48864, USA
Listing for: Delta Dental of Michigan
Full Time position
Listed on 2026-05-16
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 60000 - 80000 USD Yearly USD 60000.00 80000.00 YEAR
Job Description & How to Apply Below

Job Title

Information Security Governance Risk and Compliance Analyst

Location

Okemos, MI (Hybrid Position)

Job Overview

At Delta Dental of Michigan, Ohio, and Indiana we work to improve oral health through benefit plans, advocacy and community support, and we amplify this mission by investing in initiatives that build healthy, smart, vibrant communities. We are one of the largest dental plan administrators in the country, and are part of the Delta Dental Plans Association, which operates two of the largest dental networks in the nation.

At Delta Dental, we celebrate our All In culture – a mindset, feeling and attitude we wrap around all that we do – from taking charge of our careers to helping colleagues and lending a hand in the community.

Position Description

Facilitates the timely completion of internal and external systems audits and assessments on behalf of Delta Dental of Michigan and its affiliates. This position also helps with the daily GRC operations.

Primary

Job Responsibilities
  • Partner across ISS teams, departments, and affiliates to interpret technical requirements and map compliance requirements to control implementation, and maintains an understanding across our products of all current and emerging technologies, open system standards, and management technologies as they relate to the support of our business needs.
  • Evaluates vendor architectures, data flows, control evidence (SOC reports, pen tests, SIG), and confirms risk treatment for vendor access to sensitive data to support TPRM.
  • Drives the completion of third‑party audits and helps enable company compliance with customer technical requirements, industry standards, and regulatory requirements. Examples include SOC, HITRUST, HIPAA, CMMC, FedRAMP, GovRAMP, NIST, and PCI.
  • Assist with customer and regulatory risk assessments, audits, attestations, and other security information requests.
  • Partner closely on security operations tasks with cross‑functional teammates in IT, Dev Ops, Engineering, and Test.
  • Facilitate technical, operational, and regulatory outcomes across our client portfolio, including continuous monitoring and compliance audits.
  • Monitor and analyze security risks and metrics to identify trends, correlations, and variances and recommend improvements as needed.
  • Administers the enterprise GRC platform, including control libraries, evidence workflows, and reporting.
  • Maintains executive‑level reports that provide visibility into key cybersecurity metrics and KPIs.
  • Facilitates automation for compliance controls, evidence collection, and compliance artifact generation using SharePoint and Power Automate.
  • Documents gaps in POA&Ms with root cause, technical remediation steps, measurable milestones, and validation criteria; tracks remediation to closure and re‑test control effectiveness.
  • Analyzes data flow diagrams (DFDs), network diagrams, and solution architectures to confirm trust boundaries, data classifications, encryption paths, and control placement across system components.

Perform other related assigned duties as necessary to complete the Primary Job Responsibilities as described above.

Minimum Requirements

Position requires a bachelor’s degree in information technology or a related field and three years’ experience in information technology with compliance and security standards and frameworks, including GDPR, HIPAA, PCI DSS, CIS Benchmarks, and NIST frameworks. CCSP, CISSP, CISA, GCSA, GCPN, GPEN, or similar certifications are preferred. Will accept any suitable combination of education, training, and experience.

Position requires demonstrated technical experience implementing and assessing information security and privacy controls aligned with GDPR, HIPAA, PCI DSS, CIS Benchmarks, and NIST frameworks (e.g., NIST SP 800‑53, 800‑171); hands‑on experience in one or more enterprise IT domains, including operating systems, cloud and virtualized platforms, network security, identity and access management, logging and monitoring, or vulnerability management; knowledge of information security principles and practices, GRC solutions, intrusion detection systems, installation, configuration, monitoring and response to security systems,…

To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search