Job Summary:
The Information Security GRC Analyst III manages day-to-day, short-term, and long-term information security risks and ensures activities are within risk tolerance and in compliance with approved risk management policies, procedures and limits.
Essential Functions:
Measure, monitor, and report on information security risks
Review and report on vendor/third party risk to support vendor risk management activities
Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews
Monitor and report on information security risk mitigation plans to ensure timely execution
Engage employees in the management of information security risk and ensure they are aware of their accountabilities with regard to information security risk management
Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with Enterprise Risk Management policies and guidance
Contribute and provide input to the development of operational department goals
Acts as technical expert in functional domain
Recommends technical advancements to improve CareSource customer and partner experiences
Perform any other job-related instructions as requested
Education and Experience:
Bachelor's degree or equivalent years of relevant work experience required
Minimum of seven (7) years of relevant work experience is required
Competencies, Knowledge and Skills:
Ability to effectively prioritize and execute tasks while working both independently and in a team-oriented, collaborative environment
Strong interpersonal skills including excellent written and verbal communication skills; listening and critical thinking; presentation skills, facilitation skills
Ability to establish effective working relationships with stakeholders at all different levels
Flexibility during organizational and/or business changes
Ability to manage multiple projects while demonstrating a sense of urgency
Effective problem-solving skills with attention to detail
Working technical knowledge/experience of the following:
IT Audit
Application, server, and network security
Monitoring security events and supporting incident response activities
Sarbanes-Oxley (SOX) compliance
Microsoft Office
Access Management/Authentication and Authorization
Security Monitoring
Data Encryption
Computer Networking
Security Internet protocols (SSL, IPSEC, TCP/IP)
Windows Operating System
Project Management
Licensure and Certification:
Certified in Risk and Information Systems Control (CRISC) or Systems Security Certified Practitioner (SSCP) preferred
Working Conditions:
General office environment; may be required to sit or stand for extended periods of time
Compensation Range:
$94,100.00 - $164,800.00
CareSource takes into consideration a combination of a candidate’s education, training, and experience as well as the position’s scope and complexity, the discretion and latitude required for the role, and other external and internal data when establishing a salary level. In addition to base compensation, you may qualify for a bonus tied to company and individual performance. We are highly invested in every employee’s total well-being and offer a substantial and comprehensive total rewards package.
Compensation Type (hourly/salary):
Salary
Organization Level Competencies
Fostering a Collaborative Workplace Culture
Cultivate Partnerships
Develop Self and Others
Drive Execution
Influence Others
Pursue Personal Excellence
Understand the Business
This job description is not all inclusive. CareSource reserves the right to amend this job description at any time. CareSource is an Equal Opportunity Employer. We are dedicated to fostering an environment of belonging that welcomes and supports individuals of all backgrounds.