Summary
The EIS Compliance/Governance Analyst will be responsible for assisting in the responsibilities of executing the security framework compliance/governance activities and requirements. Day-to-day responsibilities will also include documenting adherence to governance requirements across policies/standards, procedures, controls, compliance, training and awareness, and preparing metrics/KPIs and reporting materials. This role will report to the EIS ESF Manager.
Responsibilities
- Evaluate the design and operation effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
- Interview SMEs, examine evidence documentation, analyze and perform testing
- Learn the company functions/processes by conducting process walk throughs
- Analyze root cause of issues, provide recommendations for process improvements and risk mitigation based on assessment findings
- Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
- Deliver effective and concise documentation that meets HITRUST quality standards
- Prepare and provide reporting such as dashboards and metrics, on various areas of performance, issue analysis and assessment statuses
- Utilize GRC tools to effectively manage assessment remediation plans and documentation
- Serve as a HITRUST subject matter expert
- Participate and provide support during audits, assessments, or other required third-party reviews
Required Skills/Experience
- At least 3-5 years of work experience in Information Security, IT general controls, IT compliance, IT Assessments and/or IT audit experience as well as knowledge and understanding of governance, risk, compliance
- Knowledge of security and risk frameworks, standards, best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT)
- Effective written and verbal communication skills and the ability to tailor communication style to the audience at hand
- Experience in coordination and execution of the audit lifecycle, including evidence collection, review, observation tracking, management response collection and auditor relations and communication
- Experience working on testing of IT controls across systems, databases, applications and operating systems
Education/Certifications
- Undergraduate university degree (4-year) preferred but not required.
- Masters (e.g., MBA, MSIS, MIS, etc.) degree preferred but not required.
- Five (5) years of combined IT experience to include two (2) years IT security work
- Experience in Information Security, IT general controls, IT compliance, IT assessments and/or IT audit experience.
- Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification preferred but not required.