Information Security Governance-Risk-Compliance Analyst

Presbyterian is seeking a Information Security Governance-Risk-Compliance Analyst!

The Information Security Governance-Risk-Compliance Analyst is responsible for the oversight and coordination of various cybersecurity risk management activities focused on identifying, assessing, managing, and mitigating risks. Subject matter expert experienced in regulatory requirements, security framework standards, security operations and controls, and industry best practices.
The role works closely with Compliance, Internal Audit, and other Departmental Leaders in the coordination of planning, prioritization, tracking, and remediation of cyber risks, assessment and audit findings, supply chain risk, and operational risk. Works closely with technology and security leaders and subject matter experts to coordinate, review, and catalogue responses. coordinates with Compliance and Internal Audit to further the planning, response, and cataloguing of assessment and audit activities related to both Information Security and Information Technology.
Supports the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards. Collaborates with the GRC Director and CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management. Other key activities will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured.

We're determined to take care of those working in healthcare.

Presbyterian is dedicated to improving people's lives - the lives of our patients and the lives of our coworkers. We're locally owned and operated, which encourages supportive leadership that emplowers employees. And we provide the opportunity to gorw from entry-level to the most senior positions.

Why Join Us

Full Time - Exempt: Yes
• Job is based at Rev Hugh Cooper Admin Center
• Work hours: Weekday Schedule Monday-Friday
• Benefits: We offer a wide range of benefits including medical, wellness program, vision, dental, paid time off, retirement and more for FT employees.

• Bachelors degree in Information Security, Computer Science, Information Management Systems, or related field desired; or 6 years of relevant experience may be substituted in lieu of degree. An advanced degree is strongly preferred.
• 3 years of experience in Information Security Risk Management or in Information Technology/Information Security Audit required.
• 5 years of experience in a large (over 2,000 end users) Healthcare IT Enterprise preferred.
• 7 years of experience in a combination of IT Governance, Risk Management, Compliance, and Information security roles preferred.
• Professional certifications such as Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP) or Certified Risk & Information Security Controls (CRISC) required or willing to obtain within the first year of employment.
• Expert working knowledge from within an information security function using ISO 27000, NIST CSF, NIST RMF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
• Experience supporting SSAE 16 or SOC 2
• Detailed understanding and extensive experience with information security regulations, including at a minimum National Institute of Standards and Technology (NIST), Health Insurance Portability Accountability Act (HIPAA), Payment Card Industry (PCI), ISO 27001 and ISO 27018, Sarbanes-Oxley (SOX), Cloud Security Alliance (CSA) and various other laws and regulations including Executive Orders.
• Significant experience performing Information Security Risk Management, Third-Party Risk Management, and audits and assessments in large, complex organizations.
• Significant experience in end-to-end IT and Security Risk Management.
• Significant experience with technical risk remediation identification and planning.
• Significant experience with corrective action and remediation engagement and planning.
• Models high standards of integrity, performance, confidentiality, and demonstrates sound judgement.
• Incorporates Presbyterian Health Services values into the ITGRC compliance and audit program

Credentials:
Essential:
* Certified Information Systems Security Professional
* Certified in Risk and Information Systems Control
* Certified Information Systems Auditor

• Provide expert knowledge in information security standards and practices and with related federal, state, and local regulatory requirements.
• Identify and assess the severity and potential impact of risks identified within audits and assessments. Educate risk owners within Information Technology and Information Security about risk assessment findings and proper risk remediation.
• Support the implementation of PHS and PHP information governance, risk, and compliance processes.
• Assess processes, practices, and controls against PHS Information Technology and Information Security policies, procedures, and standards.
• Coordinate, catalogue, and communicate internal and external risks and findings to the Director, ITGRC.
• Develop and maintain risk exception and acceptance processes, corrective action plans and mitigation strategies for cyber risks, assessment and audit findings, supply chain risks, and operational risks and recommendations. Corrective action plans are continually updated, and progress is documented for each open item.
  
  

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.

Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in our personal well-being by participating in wellness activities like wellness challenges, webinar, preventive screening and more.

Why work at Presbyterian?
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.

About Presbyterian Healthcare Services
Presbyterian exists to ensure the patients, members and communities we serve can achieve their best health. We are a locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14,000 employees.

Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care) and Commercial health plans.

AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.