At MultiPlan, we pride ourselves on being a dynamic team of innovative professionals. Our purpose is simple - we strive to bend the cost curve in healthcare for all.
Our dedication to service excellence extends to all of our stakeholders, internal and external, driving us to consistently exceed expectations.
We are intentionally bold, we foster innovation, we nurture accountability, we champion diversity, and empower each other to illuminate our collective potential.
Be part of our amazing transformational journey as we optimize the opportunity towards becoming a leading technology, data, and innovation voice in healthcare. Onward and upward!!!
JOB SUMMARY:
This role will support leadership in all aspects and leadership of vendor and risk management programs, such as audits, risk assessments, vendor management, policy management, and security awareness.
Working closely with various business units (Legal, Finance, Operations) and IT stakeholders across the organization, this position will be responsible for executing and maturing the program.
JOB RESPONSIBILITIES:
1. Serve as a trusted advisor and subject matter expert, providing IT risk management services to IT team members and business / risk owners.
2. Collaborate with other members of the risk management team to develop standards and processes that serve to protect the confidentiality, integrity, and availability of MultiPlan data.
3. Assist in the preparation of presentation materials, such as metrics and other complex deliverables, on a recurring and ad hoc basis.
4. Provide guidance to IT subject matter experts on audit and assessment requests.
5. Work with IT stakeholders and internal and external auditors to ensure successful completion of audits (SOC1, SOC2, SOX and HITRUST).
6. Assist in audits and reviews of assigned business processes to evaluate the adequacy of controls within IT, report on findings, and make recommendations for corrections of weaknesses and improvements in operations.
7. Conduct internal risk assessments and present findings to stakeholders and the risk management committee.
8. Manage the overall process to intake and respond to client security requests (i.e., questionnaires).
9. Develop and implement IT audit programs and testing procedures and processes relevant to risk / compliance and test objectives across IT Departments.
10. Utilize audit findings to make appropriate recommendations for the correction of weaknesses within processes and procedures that support the continual improvement in operational procedures.
11. Conduct information security assessments of third-party vendors to determine their ability to protect MultiPlan data.
12. Identify tasks necessary to remediate identified vendor risks and vulnerabilities; negotiate dates for completion of remediation tasks.
13. Track progress on remediation of identified vendor risks and vulnerabilities and provide appropriate reporting.
14. Analyze existing processes to identify inefficiency and opportunities for improvement.
15. Identify, collaborate, coordinate and communicate opportunities for strengthening IT security throughout the company.
16. Collaborate, coordinate, and communicate across disciplines and departments on the design, development and implementation of security controls and policies.
17. Ensure compliance with HITRUST, SOX, SOC, HIPAA regulations and requirements.
18. Demonstrate Company's Core Competencies and values held within.