GRC Specialist
Full Time | Remote | Team size 5,001-10,000
Location
United States
Posted
33 days ago
Salary
Not specified
Job Description
This description is a summary of our understanding of the job description.
Role Description
The IT Security Governance, Risk & Compliance (GRC) Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks.
- Governance: Assist in developing, maintaining, and enforcing healthcare policies and procedures. Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations. Collaborate with stakeholders to ensure compliance with applicable standards and best practices.
- Risk Management: Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors. Develop and maintain the organization’s risk register and track remediation efforts. Participate in incident response planning and tabletop exercises to improve organizational preparedness.
- Compliance: Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws. Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions. Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards.
- Reporting and Documentation: Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs). Maintain accurate documentation of compliance activities, risk assessments, and governance efforts.
- Collaboration and Training: Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture. Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements. Act as a liaison with external auditors, regulatory agencies, and third-party vendors.
Qualifications
- At least 1 year of experience in governance, risk and compliance roles, preferably within healthcare - required
- Familiarity with healthcare regulations (HIPAA, HITECH, CMS) and industry standards (NIST CSF, HITRUST, ISO 27001) - preferred
- Four-year bachelor's degree, or equivalent experience, in healthcare administration, information security, risk management, or a related field - required
- CHC, CISA, CCSFP or CISSP certification - preferred
Benefits
- Employee portion of medical plan premiums is covered after 3 years.
- 4%-10% employee savings plan match based on tenure
- Paid Parental Leave (up to 12 weeks)
- Caregiver Leave
- Adoption and surrogacy reimbursement