Governance Risk Compliance (GRC) Analyst
THE OPPORTUNITY
At Kalderos, it is our mission to redefine how the business of healthcare performs by providing clarity to the current disjointed drug discount management system. We’re looking for passionate individuals to join us as we fulfill that mission together.
The Position
The Information Security Governance, Risk and Compliance Analyst will assist with information security and privacy risk management functions. The Analyst assures Kalderos’ adherence to applicable federal and state regulations; develops and conducts periodic risk assessments; assists with policy and control development and maintenance; prepares Kalderos for applicable security and privacy audits and certifications; and assists with Kalderos’ vendor management program, including activities related to risk management, due diligence, contract provisions, vendor reviews, and ongoing monitoring requirements. The Analyst reports directly to the Manager, Information Security Governance, Risk and Compliance and frequently coordinates with the Information Security and Technology teams to ensure effective completion of security requirements and activities.
What you’ll bring
- BS/BA in a technical field or equivalent practical experience
- 3-5 years of experience in Information Security Governance, Risk and Compliance
- Experience with Risk Management and Information Security strategy, practices, technologies and tools
- Proven track record of conducting efficient and regular risk assessments and facilitating auditing and monitoring activities
- Familiar with Information Security frameworks and standards, such as NIST, SOC 2, ISO 27001
- Comfortable working in or with a technology organization
- Experience in the healthcare space with knowledge of existing and emerging federal and state requirements related to privacy and security of health information (HIPAA)
- Expertise with data privacy concepts and program operations (GDPR/CCPA) is a plus
Set yourself apart:
- Knowledge of current Cloud security architecture, software and database technologies
- Understanding of risk management from the technology perspective
- Strong professional and interpersonal skills
- Ability to maintain a high level of confidentiality
- Demonstrated ability to complete projects in a timely manner with little supervision or direction
- Demonstrated ability to set priorities and to respond to changing demands from multiple sources in a fast-paced environment
- Ability to follow through, meet deadlines, anticipate requirements, and build relationships
- Strong analytical, decision-making, and problem-solving skills
- Excellent verbal and written communication skills
- Excellent time management and organizational skills
- Knowledge of JIRA and Confluence is a plus
Recommended Certifications
- CRISC - Certified Risk and Information Security Control
- CISM - Certified Information Security Manager
- CISA - Certified Information Systems Auditor
- CISSP - Certified Information Systems Security Professional
- CHPC - Certified in Healthcare Privacy Compliance
Kalderos is an equal opportunity workplace. We are committed to equal opportunity regardless of race, color, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status.