Information Security Analyst - GRC
Company: InnovAge
Location: Denver, CO 80219
Description:
Responsibilities
The Information Security Analyst - Governance, Risk, and Compliance (GRC) is responsible for supporting the organization's information security and compliance efforts. Under the direction of the Manager of Information Security Risk GRC, this role focuses on ensuring adherence to regulatory requirements and industry standards, including NIST CSF, HIPAA, Sarbanes-Oxley (SOX), and PCI-DSS. The analyst assists in the development, implementation, and management of security policies and procedures, conducts risk assessments, and assists with SOX IT General Controls audit. This position also involves collaborating with various departments to resolve compliance issues, manage vendor risks, and enhance overall security posture. The role requires a solid understanding of security frameworks, cloud security practices, and the ability to stay current with emerging threats and trends.
- Collect, manage, and ensure the accuracy and completeness of SOX IT General Controls (ITGCs) data to meet audit and compliance deadlines.
- Collaborate with IT personnel, internal/external auditors, and other departments to support ITGC activities, resolve findings, and manage control issues.
- General understanding of security frameworks (e.g., NIST CSF, ISO 27001) and how to apply them within the organization's context.
- Assist in ensuring organizational compliance with relevant regulations and standards, including NIST 800-53, NIST CSF, HIPAA (including the HIPAA Security Rule), Sarbanes-Oxley (SOX) ITGCs, and PCI-DSS.
- Assist in identifying and assessing information security risks and gaps.
- Evaluate the risk associated with third-party vendors by analyzing their security practices, compliance with regulations, and overall risk posture.
- Prepare vendor risk assessment reports highlighting identified risks, control gaps, and recommendations for mitigating actions.
- Assist in the development, implementation, and management of information security policies and procedures using NIST 800-53 and NIST CSF.
- Understanding of how security principles and practices are applied within cloud computing environments (Microsoft Azure, Amazon Web Services (AWS), Google)
- Assist in developing and delivering security awareness and training programs for employees.
- Stay up to date on emerging cybersecurity threats and trends and make recommendations for enhancing security measures.
REQUIRED
- 3+ yrs experience in cyber security, with a focus on GRC.
- Possesses an understanding of cybersecurity principles, risk assessment methodologies, and threat landscape analysis.
- Knowledge of regulatory compliance requirements and industry standards.
- Experience conducting vendor risk assessments and developing risk management strategies.
- Knowledge of cyber security frameworks such as NIST Cybersecurity Framework, ISO 27001, etc.
- Understanding of SOX Information Technology General Controls (ITGC) regulatory requirements
- Bachelor's degree in Computer Science, Information Security or related field or related work experience in lieu of degree
PREFERRED
- Previous healthcare experience
At least one GRC- or cybersecurity-related certification, including, but not limited to:
- CompTIA Security+
- CompTIA Advanced Security Practitioner (CASP+)
- Certified in Risk and Information Systems Control (CRISC)
- Certification in Risk Management Assurance (CRMA)
- Certified in Governance, Risk, and Compliance (CGRC)
Benefits
InnovAge is dedicated to empowering seniors to live independently, allowing them to age in their own homes and communities safely. InnovAge offers an alternative to nursing homes through its Program of All-inclusive Care for the Elderly (PACE), which provides enrolled seniors with customized healthcare and social support at PACE Adult Day Health Centers. These centers are staffed by medical professionals who are committed to creating personalized care plans for each participant. At InnovAge, our team members are our greatest asset and have a significant impact on the lives of our participants every day. When you join InnovAge, you'll work alongside talented, respectful, and passionate colleagues within a patient-centered care model.
InnovAge is committed to equal opportunity and affirmative action, and we strive to create a diverse and inclusive workplace. We consider all qualified candidates for employment without discrimination based on race, color, religion, sex, sexual orientation, gender identity/expression, national origin, disability, protected veteran status, pregnancy, or any other protected status. Salaries are determined by various factors such as qualifications, experience, and location, and do not include potential bonuses or benefits. Our extensive benefits package includes medical/dental/vision insurance, short and long-term disability, life insurance and AD&D, supplemental life insurance, flexible spending accounts, 401(k) savings, paid time off, and company-paid holidays.
Applicants are considered until the position is filled.
Posted Salary Range
USD $76,200.00 - USD $84,100.00 /Yr.