Senior Security GRC Analyst

About Providence

Providence, one of the US’s largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, ‘Health for a better world’, Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.

Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.

Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

  • Best In-class Benefits
  • Inclusive Leadership
  • Reimagining Healthcare
  • Competitive Pay
  • Supportive Reporting Relation

How is this team contributing to the vision of Providence?

We, at Enterprise Services, the healthcare consulting and services arm of Providence India, help build technology solutions that modernize and simplify each step of the healthcare delivery process. And we do that by putting the patient and the provider at the center of everything we do. Using the most promising and practical ideas, combined with the experience and expertise of people from the healthcare industry, we are creating experiences that work for care facilities and their patients, and that move us ahead on our mission of “Health for a better world”.

What will you be responsible for?

  • Be part of Security Governance, Risk and Compliance (GRC) team. Participate and advance the Security GRC capability operating out of India.
  • Manage risks related to the use of Information Technology, Cybersecurity, Data Privacy, regulatory compliance and governance.
  • Conduct Control and Risk Assessment to identify risks, and key mitigating controls. Assessment types include, but are not limited to, Internal Control / Security / Risk Assessment, Third Party Security / Risk Assessment, Third Party Application Security Assessment, Medical Device Security Assessment, etc.
  • Guide business owners and end-users on the implementation of solutions that comply with Cybersecurity policies and standards.
  • Collaborate with stakeholders (e.g. Senior Leadership, Strategic Business Units, IT, Legal) to ensure a consistent process for identifying, assessing, responding to and reporting on security risks and compliance gaps.
  • Report overall GRC performance against established organizational metrics.
  • Maintain up-to-date knowledge in the field of Cybersecurity and Data Privacy and monitor the legal and regulatory environment for developments.

What would your day look like?

  • Assess design effectiveness and continually monitor operating effectiveness of controls. Follow up, track, analyze and report on Risk Assessment results. Track and monitor risks regularly, evaluating requested security exceptions, risk levels, and risk treatment plans.
  • Lead governance and facilitate remediation recommendations of related issues, gaps, deficiencies, or risks.
  • Advise stakeholders on identifying compensating control alternatives where organizational requirements cannot be met.

Who are we looking for?

  • 4-year University (Bachelor’s) degree in Computer Science, Information Technology, or STEM fields, or equivalent experience.
  • 4+ years of Information Systems experience, 2+ years of Information Security / GRC experience.
  • Enthusiastic, results oriented, having a strategic perspective on Cybersecurity.
  • Strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level.
  • Ability to define and communicate risk in business-relevant language.
  • Working experience in developing, testing, evaluating, and reporting Cybersecurity policies and controls.
  • Knowledge of System, Cloud, Network and IAM security configurations and application of risk analysis.
  • Proficient in writing/creation of formal documentation such as policies, processes, procedures, reports and presentations.
  • Adaptable to shifting priorities, demands, and timelines through analytical and problem-solving capabilities. Able to react to project adjustments and alterations promptly and efficiently.
  • Working experience of a GRC tool, such as Archer or MetricStream.
  • Working knowledge of Cybersecurity and Data Privacy best practices and standards (ISO/IEC 27001/27002, 27005, 27701, NIST CSF, NIST SP 800-53, 800-39, SOX 404).
  • Familiarity with Healthcare Cybersecurity and Data Privacy requirements (HIPAA, HITECH).
  • Preferred Security+, SSCP, GSEC or equivalent certification.

Providence’s vision to create ‘Health for a Better World’ guides us to provide a fair and equitable workplace for all in our employment, whether temporary, part-time or full time, to promote individuality and diversity of thought and background, and to acknowledge its role in the organization’s success. This makes us committed to equal employment opportunities, regardless of race, religion or belief, color, ancestry, disability, marital status, gender, sexual orientation, age, nationality, ethnic origin, pregnancy or related needs, mental or sensory disability, HIV status, or any other category protected by applicable law. In furtherance of our mission to build a more inclusive and equitable environment, we shall, from time to time, undertake programs to assist, uplift and empower underrepresented groups including but not limited to Women, PWD (Persons with Disabilities), LGTBQ+ (Lesbian, Gay, Transgender, Bisexual or Queer), Veterans and others. We strive to address all forms of discrimination or harassment and provide a safe and confidential process to report any misconduct.

Contact our Integrity hotline. Also, read our Code of Conduct.