
Information Security GRC Analyst Senior

University of Kentucky
United States · In-Person · $110K–$160K/yr

Role Snapshot (AI-generated)

Senior GRC Analyst responsible for conducting comprehensive risk assessments, compliance initiatives, and security control evaluations across the organization to maintain alignment with regulatory frameworks (NIST, HIPAA, GDPR, SOX, PCI-DSS). The role includes mentoring team members and providing strategic risk mitigation recommendations to senior management.

Key Responsibilities: Conducts risk assessments and gap analyses for departments and systems; prepares compliance reports and audit materials for senior management; coordinates with IT teams and business stakeholders to implement security controls and track remediation of findings; maintains security metrics and ensures adherence to regulatory requirements.
Skills & Tools: Advanced knowledge of compliance frameworks (HIPAA, GDPR, SOX, PCI-DSS, NIST); expertise in risk assessment methodologies, control evaluation, and audit preparation; strong communication and stakeholder management abilities; proficiency in security control frameworks and automation; mentoring and process improvement capabilities.
Qualifications: Bachelor's degree in cybersecurity, information security, or related field with 5+ years of GRC experience; demonstrated expertise in risk and compliance management; relevant certifications (CISSP, CISM, or similar) preferred; strong understanding of healthcare security requirements beneficial for UKHC environment.
Location: In-Person
Compensation: $110K–$160K/yr (estimated)

Job Description

Responsible for conducting risk assessments, gap analysis and compliance initiatives across the organization in alignment with NIST, HIPAA, GDPR, etc. Creates reports and presentations for reporting to senior management. Coordinates with IT teams, business stakeholders, and vendors to support security control implementation and remediation of findings. Contributes to process improvements and helps maintain the organization’s overall security posture. Mentors and trains other analysts to support knowledge transfer and enhance team effectiveness. This position is hybrid.

Essential Functions:
• Conducts risk assessments, gap analysis, and compliance initiatives for departments, systems, applications and vendors.
• Prepares reports for senior management and advises on risk mitigation.
• Evaluates controls and compensating controls and ensures that remediation plans are acceptable and in place.
• Communicates and implements control framework and automation.
• Tracks remediation of identified risks and collaborates with stakeholders to ensure timely resolution.
• Maintains security and compliance metrics, reporting findings to management.
• Prepares materials for internal and external audits, supporting audit readiness and evidence collection.
• Collaborates with IT and business teams to ensure adherence to regulatory requirements (HIPAA, SOX, PCI-DSS, GDPR, etc.).
• Participates in continuous improvement of GRC processes and documentation practices.
• Performs other duties as assigned.