IT Security Engineer, GRC

As a GRC (Governance, Risk, and Compliance) Engineer, you will play a pivotal role in ensuring that our organization adheres to regulatory requirements, industry standards, and internal policies. You will be responsible for developing and implementing strategies, processes, and technologies to manage risk, maintain compliance, and strengthen our overall security posture.

[Recruiting will insert language about Heartland Dental]

To give you an idea of the team structure, you will work on a team of Security Analysts and Security Engineers reporting to the Director of Information Security.

Below is an overview of the duties and responsibilities you would take on in this role:

• Governance Implementation: Develop and implement governance frameworks to ensure effective decision-making processes and accountability throughout the organization.
• Risk Assessment: Conduct risk assessments to identify, assess, and prioritize risks across various business functions and IT systems.
• Risk Mitigation: Design and implement risk mitigation strategies and controls to minimize the impact of identified risks on the organization's operations and objectives.
• Compliance Monitoring: Monitor regulatory requirements, industry standards, and internal policies to ensure compliance with relevant laws and regulations.
• Policy Development: Collaborate with stakeholders to develop and maintain policies, procedures, and guidelines related to governance, risk management, and compliance.
• Incident Response: Develop and implement incident response plans to effectively address and mitigate security incidents, data breaches, and compliance violations.
• Training and Awareness: Provide training and awareness programs to employees on governance, risk management, and compliance best practices.
• Audit Support: Assist in internal and external audits by providing documentation, evidence, and support as needed.

Minimum Requirements:

• Completion of one of the following: 
• Five years of experience in GRC, risk management, compliance, information security, or a related field
• Associate degree and not less than two years of experience in GRC, risk management, compliance, information security, or a related field.
• Bachelor’s degree in Information Technology, Computer Science, or related field with one year of experience in GRC, risk management, compliance, information security, or a related field.
• Understanding of GRC frameworks and standards such as ISO 27001, NIST, COBIT, and ITIL.
• Familiarity with regulatory requirements like GDPR, HIPAA, SOX, PCI-DSS.
• A knowledge of Information Security control practices and frameworks (e.g., CIS CSC, ATT&CK, OWASP, PTES, NIST, ISO, CCM etc.).
• Strong analytical and problem-solving skills to assess risks, analyze data, and develop mitigation strategies.
• Strong organizational skills, accuracy, and attention to detail 
• Ability to work well under pressure and prioritize multiple tasks.
• Strong verbal and written communication skills
• Ability to interact with co-workers in a collegial manner to accomplish common tasks.
• High level of maturity, personal initiative, and sound judgment

Desirable Qualifications:

• Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or similar credentials.
• Proven experience in GRC, risk management, or related fields, preferably in a Healthcare organization.
• Strong understanding of regulatory requirements, such as HIPAA, PCI, and industry standards like ISO 27001.
• Experience with risk assessment methodologies, such as FAIR, and risk management frameworks, such as COSO or NIST RMF.

Physical Requirements:

• Ability to perform essential duties satisfactorily with or without reasonable accommodation. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties of the position
• Prolonged periods sitting at a desk and working on a computer
• Must be able to lift up to 15 pounds at times

We put our people first at Heartland Dental, and that shows in our generous benefits package.

Company retains the sole discretion to change the duties of the position at any time.

We provide all employees and applicants for employment the protections of federal, state, and local laws affording equal opportunity in employment.