What are the responsibilities and job description for the Governance, Risk, & Compliance (GRC) Engineer position at TeleTracking?
About The Role…
The GRC Engineer will be responsible for implementing, maintaining, and improving policies, standards, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as information security best practices. The ideal candidate will have a security engineer mindset to building out GRC frameworks, automation, and integration of technical controls. The GRC Engineer will proactively work with key business stakeholders to assess and design controls to reduce information security risk. The GRC Engineer should understand and articulate the impact of information security controls on the business and be able to communicate this to stakeholders.
What You’ll Do…
TeleTracking is the world’s leading integrated healthcare Operations Platform that is Expanding the Capacity to Care by combining comprehensive technology solutions with clinical operations expertise to improve access to care, delivery, and transitions of care. We work with more than 900 hospitals globally, including the 3 largest health systems in the United States, providing workflow automation and ai-based decision support that creates optimized patient flow, improved capacity management, reduced wait times, and increased growth without compromised quality of care. TeleTracking values people with an entrepreneurial spirit, creativity and building strong relationships with our employees.
Benefits
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position.
TeleTracking is an Equal Opportunity/Affirmative Action employer. TeleTracking recruits qualified applicants without regard to race, color, religion, gender, age, ethnic or national origin, veteran status, physical or mental disability, genetic information, sexual orientation or preference, gender identity, marital status, or citizenship status.
Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.
The GRC Engineer will be responsible for implementing, maintaining, and improving policies, standards, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, as well as information security best practices. The ideal candidate will have a security engineer mindset to building out GRC frameworks, automation, and integration of technical controls. The GRC Engineer will proactively work with key business stakeholders to assess and design controls to reduce information security risk. The GRC Engineer should understand and articulate the impact of information security controls on the business and be able to communicate this to stakeholders.
What You’ll Do…
- Risk Assessment: Identify, assess, and prioritize risks that could impact TeleTracking’s compliance, financial health, or reputation.
- Compliance Management: Develop, implement, and maintain compliance programs and policies that align with regulatory requirements and industry best practices.
- Auditing: Conduct internal and external audits to assess compliance with regulations and identify areas for improvement.
- Reporting: Prepare and analyze compliance reports, metrics, and dashboards to track progress and identify trends.
- Training and Awareness: Develop and deliver training programs to educate employees about compliance requirements and information security best practices.
- Incident Management: Respond to compliance incidents, conduct investigations, and implement corrective actions.
- Technology Implementation: Evaluate and implement GRC software and tools to streamline compliance processes and improve efficiency.
- Continuous Improvement: Exploring opportunities to improve GRC processes through automation and continuous monitoring of information security controls, risks, and exceptions, and development of reporting metrics, dashboards, and evidence artifacts.
- Assisting in the development and ongoing oversight of a vulnerability management program.
- Managing the remediation of risks identified through the risk register process and contributing to the improvement of risk treatment plans and the overall risk management program.
- Managing the security exception process, including the completion of security exceptions, tracking, and following up on alternative mitigating action items detailed within approved security exceptions.
- Coordinating and tracking security-related audits including scope of audits, stakeholder engagement, and deliverable timelines; working with teams as appropriate to achieve audit readiness; providing guidance, evaluation, and advocacy on audit responses.
- Maintaining the vendor risk management program including vendor reviews and vendor risk assessments; improving the program with the build-out of repositories, tools, and documentation for third-party vendor risk assurance.
- 7 years of experience in Information Technology, Security Engineering, Governance, Risk and Compliance and/or Internal Audit management.
- Experience with GRC software tools and platforms (e.g., Vanta): Designing, Implementing, and Managing GRC tools and technologies to streamline processes for risk assessment, compliance monitoring, and incident management, including development of automation tools and automating auditing tasks.
- Experience conducting risk assessments on operational processes, procedures, and policies; interpreting audit results and making conclusions on the adequacy and reliability of controls; preparing and presenting reports, as necessary.
- Experience reviewing risk analysis, drafting corrective action plans, and driving the risk treatment process.
- Experience conducting security compliance reviews and audits of on-premises and hosted environments, including AWS and Azure.
- Experience working in a SaaS company environment.
- Proven experience in implementing and maintaining HITRUST CSF and ISO 27001 compliance frameworks.
- Experience working in a highly regulated industry vertical (e.g., healthcare).
- Bachelor’s degree in a technical discipline related to Information Technology.
- Professional certifications such as CGRC, CISSP, CISA, CRISC, or similar are highly desirable.
TeleTracking is the world’s leading integrated healthcare Operations Platform that is Expanding the Capacity to Care by combining comprehensive technology solutions with clinical operations expertise to improve access to care, delivery, and transitions of care. We work with more than 900 hospitals globally, including the 3 largest health systems in the United States, providing workflow automation and ai-based decision support that creates optimized patient flow, improved capacity management, reduced wait times, and increased growth without compromised quality of care. TeleTracking values people with an entrepreneurial spirit, creativity and building strong relationships with our employees.
Benefits
- Medical/dental/vision plans 100% paid for employees and family members without coverage, which start from day one!
- Life and AD&D
- Flexible Spending Accounts: Medical, Dependent Care, and Transportation
- 401 (k) Retirement Savings
- Tuition Reimbursement
- Military Paid Leave (up to 6 months of base salary while on military leave)
- Paid Time Off
- Paid parental leave
The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodation may be made to enable qualified individuals with disabilities to perform the essential functions. The term "qualified individual with a disability" means an individual with a disability who, with or without reasonable accommodation, can perform the essential functions of the position.
TeleTracking is an Equal Opportunity/Affirmative Action employer. TeleTracking recruits qualified applicants without regard to race, color, religion, gender, age, ethnic or national origin, veteran status, physical or mental disability, genetic information, sexual orientation or preference, gender identity, marital status, or citizenship status.
Recruiting agencies, please do not submit unsolicited referrals for this or any open role. We have a roster of agencies with whom we partner, and we will not pay any fee associated with unsolicited referrals.
