Information Security Governance Risk and Compliance Analyst

Information Security Governance Risk and Compliance Analyst – Hybrid – Okemos, MI

At Delta Dental of Michigan, Ohio, and Indiana we work to improve oral health through benefit plans, advocacy and community support, and we amplify this mission by investing in initiatives that build healthy, smart, vibrant communities. As one of the largest dental plan administrators, you’ll help secure our operations and support our growth while fostering a culture of collaboration and community impact.

• Facilitate timely completion of internal and external systems audits and assessments for Delta Dental of Michigan and its affiliates.
• Support daily GRC operations and maintain the enterprise GRC platform, including control libraries, evidence workflows, and reporting.
• Partner across ISS teams, departments, and affiliates to interpret technical requirements and map compliance requirements to control implementation.
• Evaluate vendor architectures, data flows, control evidence (SOC reports, pen tests, SIG) and confirm risk treatment for vendor access to sensitive data to support TPRM.
• Drive the completion of third‑party audits and help enable company compliance with customer technical requirements and industry standards such as SOC, HITRUST, HIPAA, CMMC, FedRAMP, GovRAMP, NIST, and PCI.
• Assist with customer and regulatory risk assessments, audits, attestations, and other security information requests.
• Collaborate with cross‑functional teammates in IT, Dev Ops, Engineering, and Test on security operations tasks.
• Facilitate technical, operational, and regulatory outcomes across the client portfolio, including continuous monitoring and compliance audits.
• Monitor and analyze security risks and metrics to identify trends, correlations, and variances, and recommend improvements.
• Automate compliance controls, evidence collection, and compliance artifact generation using SharePoint and Power Automate.
• Document gaps in POA&M, root cause, technical remediation steps, measurable milestones, and validation criteria; track remediation to closure and re‑test control effectiveness.
• Analyze data flow diagrams, network diagrams, and solution architectures to confirm trust boundaries, data classifications, encryption paths, and control placement across system components.
• Perform other related duties as necessary to complete the responsibilities described above.

• Bachelor’s degree in information technology or related field and at least three years of experience in IT with compliance and security standards and frameworks (GDPR, HIPAA, PCI DSS, CIS Benchmarks, and NIST).
• Preferred certifications: CCSP, CISSP, CISA, GCSA, GCPN, GPEN or similar.
• Demonstrated technical experience implementing and assessing information security and privacy controls aligned with GDPR, HIPAA, PCI DSS, CIS Benchmarks, and NIST frameworks.
• Hands‑on experience in one or more enterprise IT domains, including operating systems, cloud and virtualized platforms, network security, identity and access management, logging and monitoring, or vulnerability management.
• Knowledge of information security principles and practices, GRC solutions, intrusion detection systems, installation, configuration, monitoring and response to security systems, advanced security protocols and standards, software and security architectures, risk management, control techniques and frameworks, planning and project management, regulation and law.
• Ability to lead teams; collect and analyze complex data; use data extraction and analysis tools; use active listening skills; and communicate effectively, both verbally and in writing.

• Comprehensive benefits package including medical, dental and vision coverage, short‑ and long‑term disability, life insurance, 401(k) savings plan, flexible spending accounts, and tuition reimbursement or educational assistance.
• Eligible for annual incentive compensation based on annual business goals.
• Eight hours of paid volunteer time each year.
• Access to an on‑staff health coach and personal trainer.
• Additional perks such as wellness programs and community initiatives.

The company will provide equal employment and advancement opportunity within the context of its unique business environment without regard to race, color, religion, gender, gender identity, gender expression, age, national origin, familial status, citizenship, genetic information, disability, sex, sexual orientation, marital status, pregnancy, height, weight, military status or any other status protected under federal, state, or local law or ordinance. Delta Dental is an Equal Opportunity Employer.