What you can expect!
Find joy in serving others with IEHP! We welcome you to join us in “healing and inspiring the human spirit” and to pivot from a “job” opportunity to an authentic experience!
The Engineer - Cybersecurity GRC Specialist is a mid-level position in Cybersecurity governance, risk, and compliance functions. This position is responsible for routine operational activities to assure that the IEHP security program can demonstrate compliance with regulatory requirements and manage cyber risk properly to safeguard the company’s digital footprint.
This position oversees security assessments, control testing, and regulatory compliance. Responsibilities include coordinating assessment functions, updating control matrices, recommending improvements, ensuring adherence to information security policies, and collaborating with auditors to safeguard protected data. Leadership in implementing the enterprise information security program through expertise in security analysis, risk assessments, awareness initiatives, and policy development is required.
Key Responsibilities:
1. Implement security controls, a risk assessment framework, and a compliance program aligned with regulatory requirements to advance business objectives.
2. Evaluate risks and develop security policies, procedures, and controls to manage risks and improve security positioning in compliance with the NIST Cybersecurity Framework, HIPAA, and PCI-DSS.
3. Implement processes to automate monitoring of security controls, risks, testing, and develop reporting metrics and dashboards.
4. Define and document control ownership, schedule assessments, test control effectiveness, and create risk profile reports.
5. Engage and support stakeholders to implement privacy-enhancing technologies to safeguard PII/PHI and other confidential information.
6. Participate in and support ongoing GRC workstreams such as internal and external audits, risk assessments, incident response, exposure management, penetration testing, and social engineering tests.
7. Document control failures, provide remediation guidance, and prepare management reports tracking remediation activities.
8. Partner in governance, management, and oversight of all core security program functions.
9. Provide security communications and awareness training and guide other departments or projects on security risk identification and remediation.
10. Remain current on best practices and act as a technical resource for regulatory compliance.
11. Perform any other duties as required to ensure Health Plan operations and department business needs are successful.
Commitment to Quality: The IEHP Team is committed to incorporating IEHP’s Quality Program goals including, but not limited to, HEDIS, CAHPS, and NCQA Accreditation.