GRC Compliance & Audit Specialist

Location Address:

Compensation Pay Range:

Minimum Offer $:

Maximum Offer for this position is up to $:

Now hiring a

Summary:

Type of Opportunity:

Job Exempt:

Job is based :

Work Shift:

Responsibilities:

The ITGRC Compliance and Audit Professional is responsible for the oversight and coordination of all IT audit activities both internal and external. The role works closely with Compliance, Internal Audit and other departments in the coordination of planning, responding, and tracking assessment and audit activities related to both Information Security and Information Technology. In addition, this role will support the operationalization of the GRC management functions to ensure compliance with established security controls, industry frameworks, regulatory and legal requirements, organizational policies, and standards. Compliance and Audit Specialist will collaborate with the CISO on the risk management program, including risk assessments, risk analysis, internal and external audits, vendor security risk program and risk register management. Other key activities included in the ITGRC Compliance and Audit Professional will include reviewing existing security policies, assessing that procedures are implemented in accordance with security policies and standards, and that security metrics are being measured. The position does not have any direct reports.

• Responsible for identifying, tracking, and communicating federal, state, local and other pertinent regulatory requirements and regulatory changes impacting both the delivery system and the plan. adapting industry trends for enterprise strategic, financial and IT solutions to senior executive leaders.
• Supports the implementation PHS information governance, risk, and compliance processes.
• Manage the assessment and audit roadmap to support the internal and external assessments and audits required for both the delivery system and the plan.
• Provides oversight for IT policies, procedures and standards. Participates in the development and maintenance of policies, procedures, measures, and mechanisms to deliver GRC, and meet customer requirements.
• Communicates internal and external assessment and audit findings to the CISO and IT Leadership and supports and monitors ITGRC roadmap objectives in the development of effective course of action; and implementation of recommendations.
• Maintains relationships with Legal Privacy, Internal Audit, Quality Regulatory, and Finance.

Preferred Qualifications:

• CISA (Certified Information Systems Auditor)
• CRISC (Certified in Risk and Information Systems Control)
• CISM (Certified Information Security Manager)
• CISSP (Certified Information Systems Security Professional)

Qualifications:

• A Bachelors degree in Information Security, Computer Science, Information Management Systems, or related field required; An advanced degree is strongly preferred.
• 5 years of experience in a combination of governance, risk management, information security and technology jobs.
• 3+ years of experience in a risk management and/or IT audit support role.
• Five plus years of experience in a large over 2,000 end users Healthcare IT Enterprise preferred.
• Experience working within an information security function using ISO 27000, NIST CSF, or NIST 800-53, HIPAA, or HITRUST Common Security Framework.
• Experience supporting SSAE 16 or SOC 2
• Experience using ARCHER
  
  Professional Information Security related certification such as Certified Information Security Auditor CISA, Certified Information Security Manager CISM, or Certified Risk & Information Security Controls CRISC preferred or willing to obtain within the first year of employment.

All benefits-eligible Presbyterian employees receive a comprehensive benefits package that includes medical, dental, vision, short-term and long-term disability, group term life insurance and other optional voluntary benefits.

Wellness
Presbyterian's Employee Wellness rewards program is designed to provide you with engaging opportunities to enhance your health and activate your well-being. Earn gift cards and more by taking an active role in our personal well-being by participating in wellness activities like wellness challenges, webinar, preventive screening and more.

Why work at Presbyterian?
As an organization, we are committed to improving the health of our communities. From hosting growers' markets to partnering with local communities, Presbyterian is taking active steps to improve the health of New Mexicans.

About Presbyterian Healthcare Services
Presbyterian exists to improve the health of patients, members, and the communities we serve. We are locally owned, not-for-profit healthcare system of nine hospitals, a statewide health plan and a growing multi-specialty medical group. Founded in New Mexico in 1908, we are the state's largest private employer with nearly 14,000 employees - including more than 1600 providers and nearly 4,700 nurses.

Our health plan serves more than 580,000 members statewide and offers Medicare Advantage, Medicaid (Centennial Care) and Commercial health plans.

Inclusion and Diversity
Our culture is one of knowing and respecting our patients, members, and each other. We capture this in ourPromise and CARES commitments.

AA/EOE/VET/DISABLED. PHS is a drug-free and tobacco-free employer with smoke free campuses.