Talent Space, Inc. is looking for a Sr. Analyst - Risk and Compliance for a full-time opportunity with one of its clients in healthcare domain in Irvine CA.
Responsibilities
- Facilitate the risk management process, including identification, analysis, and remediation efforts.
- Identify internal control standard methodologies and promote their adoption across the enterprise.
- Implement and administer TrustCloud GRC and OneTrust Applications; implement other GRC tools.
- Conduct security risk assessments of IT systems, applications, and infrastructure to ensure compliance with security standards and regulations.
- Assess and manage third-party risks, including evaluation of AICPA Statement on Standards for Attestation Engagements 18 (SSAE 18) Statement of Controls (SOC) 1 and 2 Type I and II reports.
- Guide and maintain IT risk and compliance policies and procedures to ensure regulatory compliance and adherence to best practices, aligned with NIST, ISO, HIPAA, PCI, and state privacy regulations.
- Provide executive-level IT risk reports to stakeholders and senior management; provide quantitative and qualitative estimates of risk for various business practices.
- Raise awareness of any high-level or substantial risk or assessment finding with the appropriate party, in alignment with policies and processes, including potential impact on company revenue, security compliance, customer asset loss, and any cross-functional impact.
- Monitor compliance with IT policies, procedures, and standards and implement corrective actions to address gaps or issues; partner with business units to ensure compliance considerations are incorporated into new project implementations.
- Manage small to moderately complex projects; track/monitor Security, Compliance, Risk Management and Service Improvement projects as part of the Information Security Management System program.
- Provide guidance on key performance indicators (KPIs) and operational metrics to measure the overall maturity of the Information Security Management Program and Enterprise Risk Management.
- Conduct internal audits, technology assessments, health checks, and gap analyses against regulatory standards and frameworks such as HIPAA, PCI-DSS, HITRUST, and the California Consumer Privacy Act (CCPA).
- Establish a formal Information Security Management System (ISMS) training program, manage assigned learning modules, and ensure training compliance and overall program maturity.
Required
- Bachelor's degree in Business, Information Technology or related field of study
- 6+ years of professional experience in Governance, Compliance, and Risk
- Certified in Risk and Information Systems (CRISC), Certified Information System Auditor (CISA), Security+, Certified Information Systems Security Professional (CISSP), Systems Security Certified Practitioner (SSCP), or Factor Analysis of Information Risk (FAIR).
- 2+ years' experience working with Information Technology systems, including networks, servers, and/or storage devices.
- Ability to evaluate risk associated with AICPA Statement on Standards for Attestation Engagements 16 and 18 (SSAE 16/18) Statement of Controls (SOC) 1 and 2 Type I and II reports.
- Experience in healthcare or retail industry.
- Knowledge of the ISO 27001 framework with controls mapped to HIPAA and HITRUST; ability to implement the framework.
- Ability to manage HIPAA Security Risk Assessment process.
- Ability to manage the CCPA Data Subject Request Management process.
- Working understanding of Information Technology components including networks (wired/Wi-Fi), servers and virtualization, storage, and cloud services.
- Proficiency in Microsoft Office Suite: Word, Excel, Access, PowerPoint, Outlook, and Visio.