Contractor, Information Security Governance, Risk and Compliance

Equiliem
Buffalo, NY Contractor
POSTED ON 2/4/2025
AVAILABLE BEFORE 4/4/2025

Job Details

Summary:
Under the direction of the Director - InfoSec GRC, the incumbent will take a lead role and will be responsible for managing and reducing Information Technology, Information Security, Privacy, Regulatory Compliance and Governance, and Cybersecurity risk by helping to prioritize and drive remediation efforts throughout the organization. This role will serve as project lead on several IT and cybersecurity engagements across different cross-functional teams, collaborating with internal, external, and other advisory partners to close out gaps, corrective action plans, exceptions, and non-conformities to meet regulatory compliance. The role partners with Infrastructure, Help Desk, IT, Informatics, Security Operations, Compliance, Privacy, Legal, and Internal Audit to bring policy, procedures/standards, and implementation requirements to full compliance and maturity. The Analyst, independently or in collaboration with other stakeholders, owns policy creation and updates, and the planning, coordination, and execution of IT and Cybersecurity projects. The Analyst holds team and organization level responsibilities and leads complex scale projects. The incumbent will work with employees and leaders across partners and affiliates.
Hands-on GRC experience in a clinical environment, a project management background, and experience with the New York State Hospital Cybersecurity regulatory mandate are a plus.

Primary Duties Include:
  • Oversees and participates in creation of and updating organizational policies aligned to the cybersecurity needs of the organization, best practices, and regulatory requirements; heavy focus on NYS Hospital Cybersecurity Regulation but inclusive of others such as HIPAA, NIST CSF and PCI.
  • Works closely with control owners and internal and external auditors to ensure requests are completed in time.
  • Assists with evaluating the information security program's effectiveness by developing, monitoring, gathering, tracking, and analyzing information security and compliance metrics for management.
  • Creates, maintains, communicates, and tracks information security policies, procedures/SOPs, and other documentation.
  • Prepares for and facilitates assessments by qualified security assessors for regulations such as HIPAA, NIST CSF and NYS Hospital Cybersecurity Regulation.
  • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the company meets both the requirements and intent of its regulatory and compliance obligations.
  • Facilitates the remediation of control gaps and escalates critical issues to leadership.
  • Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
  • Develops mechanisms to align with the adoption and usage of current and emerging regulations including HIPAA, NIST CSF and NYS Hospital Cybersecurity Regulation.
  • Works with SMEs to interpret and translate controls into remediation items.
  • Leads and manages IT cybersecurity compliance projects from initiation through closure and post-mortem.


Knowledge, Skills, and Abilities
Knowledge of:
  • Excellent technical skills (application and operating system hardening, vulnerability assessments, security audits, TCP/IP, intrusion detection systems, firewalls, etc.)
  • Applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations.
  • Policy, procedure, SOP advisory.
  • Information systems auditing, monitoring, controlling, and assessment process.
  • Incident response management.
  • Penetration Testing, Vulnerability Management.
  • Business Continuity and Disaster Recovery.
  • Risk assessment and management methodology.

Skills in:
  • Developing and implementing enterprise governance, risk, and compliance strategy and solutions.
  • Information technology and cybersecurity project management, planning, and execution.
  • Time and task management.
  • Defining problems, collecting and analyzing data, establishing facts, and drawing valid conclusions.
  • Using judgment and ingenuity in maintaining objectives and technical standards.

Ability to:
  • Effectively communicate technical issues to diverse audiences, both in writing and verbally.
  • Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
  • Evaluate and update and/or revise program materials.
  • Comprehend technical background and confer, analyze, and write in an objective, lucid manner.
  • Work as part of a team and/or independently and prioritize multiple tasks and adapt to needed changes.

Qualifications:
Required Education and Experience

Bachelor's degree in Computer Science, Information Systems, or a related field and the equivalent of ten (10) years of full-time experience in information security Governance, Risk, and Compliance.

What sets you Apart?
  • 10 years of experience in security GRC with emphasis on leading, managing, and conducting concurrent risk assessments.
  • Project management skills and knowledge of HIPAA, NIST CSF, and NYS Hospital Cybersecurity Regulation are a plus.
  • Experience in a clinical environment is a plus.


About Equiliem

Equiliem believes in empowering success. It's our job to cultivate relationships that connect people and employers in a way that is inclusive, intelligent, and allows both to thrive.

Across the U.S., leading companies in healthcare, government, engineering, manufacturing, professional services, and energy rely on us for their workforce solutions. Our recruiting and HR services include contract and direct hire staffing, Payrolling/EOR, Independent Contractor Compliance, and Managed Services.

For almost 30 years, we've helped shape our industry. Today, we continue to research, ask questions, and continuously enhance the candidate journey and client experience.

EEO Employer

Equiliem is an equal opportunity employer. We do not discriminate or allow discrimination based on race, color, religion, creed, sex, age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Equiliem will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at [email protected] or .