Senior Cybersecurity Risk Governance Analyst

Job Description

GHX is seeking a Senior Cybersecurity Risk Governance Analyst to provide expertise in IT compliance and risk management. The analyst will advise leadership on regulatory matters, manage IT audits, and execute cybersecurity risk management activities. This role involves internal compliance, third-party vendor security oversight, and response to customer security inquiries.Responsibilities include:

• Advising leadership on compliance with laws and regulations such as HIPAA, PCI-DSS, FedRAMP, HITRUST, ISO 27001, and GDPR.
• Facilitating and overseeing IT audits and assessments.
• Managing the development and execution of action plans.
• Performing IT risk and controls assurance assessments.
• Developing and maintaining operational metrics.
• Mentoring team members.

Requirements:

• 5-8 years of experience in information security, IT controls assurance, and IT audit facilitation.
• Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, and HITRUST.
• Strong analytical, communication, and project management skills.

GHX offers:

• Opportunity to work in a global healthcare exchange company.
• A role focused on improving patient care and maximizing industry savings.