Information Security Governance-Risk-Compliance Analyst

Presbyterian is seeking a skilled Information Security Goverment Risk Compliance Analyst (GRC) to lead cybersecurity risk management activities, ensuring compliance with regulatory requirements, security frameworks, and industry best practices. This role collaborates with Compliance, Internal Audit, and IT leaders to manage risk assessments, audits, vendor security, and policy implementation. Ideal candidates will have expertise in security operations, risk analysis, and GRC program development.

We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that emplowers employees. And we provide the opportunity to gorw from entry-level to the most senior positions.

Why Join Us

Full Time - Exempt: Yes
• Job is based at Rev Hugh Cooper Admin Center
• Work hours: Weekday Schedule Monday-Friday
• Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement and more for FT employees.

• Bachelor's degree in Information Security, Computer Science, or related field preferred; 6 years of relevant experience may substitute. Advanced degree strongly preferred.
• 3+ years in Information Security Risk Management or IT/IS Audit required.
• 5+ years in a large Healthcare IT enterprise (2,000+ users) preferred.
• 7+ years in IT Governance, Risk Management, Compliance, or Information Security roles preferred.
• Strong knowledge of ISO 27000, NIST CSF/RMF/800-53, HIPAA, HITRUST, and SOC 2.
• Experience with regulatory frameworks: NIST, HIPAA, PCI, ISO 27001/27018, SOX, CSA, and Executive Orders.
• Proven experience in risk assessments, third-party risk, audits, and technical remediation planning.
• Professional certifications (CISA, CISM, CISSP, CRISC) required or must be obtained within 1 year.
• Demonstrates integrity, sound judgment, and alignment with Presbyterian Healthcare Services values.

• Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
• Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
• Support the implementation of PHS and PHP information governance, risk, and compliance processes.
• Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
• Coordinate, catalogue, and communicate internal and external risks and findings to the Director, ITGRC.
• Develop and maintain risk exception and acceptance processes, corrective action plans and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated, and progress is documented for each open item.

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.

Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in our personal well-being by participating in wellness activities like wellness challenges, webinar, preventive screening and more.

Why work at Presbyterian?
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.

About Presbyterian Healthcare Services
Presbyterian exists to ensure the patients, members and communities we serve can achieve their best health. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14,000 employees.

Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care) and Commercial health plans.

AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.