IT/IS GRC Consultant (Third Party)

Chicago Illinois HQ (300 E. Randolph Street)

Health Care Service Corporation


At HCSC, we consider our employees the cornerstone of our business and the foundation to our success. We enable employees to craft their career with curated development plans that set their learning path to a rewarding and fulfilling career.

Come join us and be part of a purpose-driven company that is invested in your future!

Job Summary

This position is responsible for the planning, design, enforcement and audit of information technology and information security policies, standards and procedures which safeguard the integrity of and access to enterprise systems, files and data elements; analyzing, tracking and acting on information technology or information security policy exceptions, audits and assessments. Ensure supplier remediation tasks are closed in a timely manner and in adherence to information security contractual obligations. Evaluate and ensure open remediation mitigation aligns with information technology and information security products, services and/or processes to reduce risk and maintain compliance with applicable policies, mandates, laws and regulations. This involves collaborating with internal business contacts to ensure risks identified in security assessments are mitigated in a timely manner. Maintaining knowledge of changing technologies and providing recommendations for adaptation of new technologies, processes or policies. Recognizing and identifying potential areas where existing information technology or information security policies, standards and procedures require change, or where new ones need to be developed, especially as a result of future business expansion and technology advances; providing management with analysis via risk assessments and briefings / reports to advise them of critical information technology / information security issues that may affect the company’s business objective and / or compliance; collaborating with, and feeding IT risk information into, the enterprise risk management program. Evaluates and recommends information technology and information security products, services and/or processes to reduce risk and maintain compliance with applicable policies, mandates, laws and regulations.
Implementing the activities associated with the information technology and information security awareness programs and providing education and training on information technology and information security policies, standards and practices; performing control assessments and working with appropriate subject matter experts (SMEs) to document remediation plans; serving as a project lead and mentor to junior GRC team members. May lead functional teams or projects.

Required Job Qualifications:
* Bachelor Degree and 4 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration or 8 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration.
* Understand IT / IS concepts and how to articulate those in terms of risk. Interprets internal or external business issues and concepts and can translate those into IT concepts that must be addressed via policy.
* Understand key IT / IS laws and regulations, such as the Health Insurance Portability and Accountability Act, as well as governance and compliance frameworks (e.g. NIST, COBIT, ITIL, HITRUST).
* Experience with audit and compliance controls. This could include previous IT auditing experience and / or technical controls implementation, as well as the ability to respond appropriately to audit and assessment findings.
* Initiate and invoke creativity to solve complex problems; takes an “outside-in” perspective to identify innovative solutions.
* Collaborate well with individuals across the business and IT, as well as at all levels of the organization.
* Verbal and written communication skills, including the ability to articulate complex concepts to various technical and non-technical audiences.
* Experience with and understanding of overall GRC concepts.
* Work independently, with guidance in only the most complex situations.
* May lead functional teams or projects.

Preferred Job Qualifications:
* Bachelor Degree in Computer Science, Information Systems, or other related field.
* Experience with a GRC solution.

We encourage people of all backgrounds and experiences to apply.

Are you being referred to one of our roles? If so, ask your connection at HCSC about our Employee Referral process!

HCSC Employment Statement:

HCSC is committed to diversity in the workplace and to providing equal opportunity and affirmative action to employees and applicants. We are an Equal Opportunity Employment / Affirmative Action employer dedicated to workforce diversity and a drug-free and smoke-free workplace. Drug screening and background investigation are required, as allowed by law. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Tags: Audits COBIT Compliance Computer Science Governance HITRUST ITIL NIST Risk assessment Risk management Security assessment

Perks/benefits: Career development Insurance

Region: North America
Country: United States