Governance Risk Compliance Analyst Professional Services - Washington, DC at Geebo

Governance Risk Compliance Analyst

Job Description Summary

The GRC Analyst provides the thought leadership in the discipline of Privacy and is responsible for establishing and maintaining privacy processes, policies, standards, and procedures.
The Privacy Administrator supports privacy investigations and incident response and leads efforts to train and drive awareness entity wide on privacy practices.
They also assist in the execution of other GRC related processes including:
IT Control Management, Compliance, Policy Management, Third Party Risk Management, SOC2 attestation, NIST Cybersecurity and HITRUST framework alignment, Security awareness, Risk assessment methodology and execution, and Data Loss Prevention.

Responsibilities include but are not limited to:
Develops and maintains privacy governance and compliance controls to minimize risk to the organization.
This includes, but is not limited to, developing and maintaining a formal privacy program with corresponding processes, policies, standards and procedures; and ensuring compliance with HIPAA and other State or Federal regulatory requirements.
Establishes and maintains processes to identify gaps in privacy controls.
This includes, but is not limited to, reviews / audits of departmental processes, policies, and procedures; reviews / audits of third party vendors; testing of regulatory compliance with HIPAA and other State or Federal requirements; plus development and analysis of metrics.
Develops and maintains a formal privacy and information security training program, as well as supplementing that training with ongoing awareness.
This includes online training supplemented with classroom and individual training.
Utilizes reports and metrics to demonstrate training compliance and effectiveness.
Provides direction and oversight for BCBSA initiatives related to de-identification, masking, and/or encryption of protected health information (PHI) or other personally identifiable information (PII).
Maintains the BCBSA System wide Incident Response Guidance (SWIRG), the BCBSA Privacy Response Plan, and List Serves, and performs exercises of the plan internally and with external stakeholders on a periodic basis.
Provides oversight on access to and release of protected health information (PHI) and other personally identifiable information (PII), performing periodic reviews of both.
Collaborates with BCBS organizations to share best practices, and either leads or assists with establishing the Privacy & Information Security track for each Blue National Summit (BNS).
Helps ensure third party vendor compliance with BCBSA privacy and information security requirements, reviewing third party questionnaires, engaging Legal and Procurement on disputes, ranking the relative risk of third parties, and leading or participating in third party on-site vendor audits.
Helps maintain a framework of controls to safeguard BCBSA sensitive data, and oversees compliance with those controls, utilizing manual and automated processes supplemented with reporting metrics.
Required Education, Certifications and Experience

Bachelor's Degree in Information Technology or related field.
Certified Information Privacy Professional (CIPP), and/or Certified Information Privacy Professional / Information Technology (CIPP/IT).
Four (4) years in a privacy, information security, planning, administration, audit, or resource and compliance management role.
Experience supporting privacy initiatives; implementing or maintaining policies, processes and procedures; and implementing training and awareness programs.
Experience with unified control frameworks, policy management, internal/external audit management, and data loss prevention.
Working experience in managing 3rd party risk.
Experience in working with GRC technology (e.g., Archer, Open Pages).
Must have a full understanding of legal and regulatory requirements relating to Privacy in the healthcare sector including Federal and State legislative mandates and requirements to safeguard Protected Health Information (PHI) and/or Personally Identifiable Information (PII).
This also includes experience with the Health Insurance Portability and Accountability Act (HIPAA).
Working knowledge of integrating security compliance requirements and artefacts into the project management lifecycle and SDLC.
Knowledge and experience in project and change management.
Knowledge of the BCBS system and practices.
Knowledge of vendor management and contract administration.
Relationship, facilitation, presentation and communication skills; ability to collaboratively plan, document, and present privacy risks and achieve buy-in from system custodians and business owners.
Preferred Education, Certifications and Experience

Master's degree
Certified Information Systems Security Professional (CISSP)
Certified Information Security Auditor (CISA)
People Management - No

Recommended Skills: Administration, Auditing, Automation, Certified Information Security Manager, Change Management, Communication

Estimated Salary: $20 to $28 per hour based on qualifications.
