CareSourceRemote
Information Security GRC Analyst III – Third Party Risk
United States
Full Time
2 weeks ago
$94,100 - $164,800 USD
Visa Sponsor
Key skills
TCP/IPProject ManagementRisk ManagementCommunicationCritical ThinkingPresentation SkillsNetwork Security
About this role
Role Overview
- Measure, monitor, and report on information security risks
- Review and report on vendor/third party risk to support vendor risk management activities
- Engage staff and/or vendors to develop information security risk mitigation plans to address risks identified in Vendor risk reviews
- Monitor and report on information security risk mitigation plans to ensure timely execution
- Engage employees in the management of information security risk and ensure they are aware of their accountabilities with regard to information security risk management
- Regularly assess and report to management any exceptions to information risk management policies, procedures and limits
- Engage with the Enterprise Risk Management office to ensure information risk management policies, procedures and limits are aligned with Enterprise Risk Management policies and guidance
- Contribute and provide input to the development of operational department goals
- Acts as technical expert in functional domain
- Recommends technical advancements to improve CareSource customer and partner experiences
- Perform any other job related instructions as requested
Requirements
- Bachelor Degree or equivalent years of relevant work experience required
- Minimum of seven (7) years of relevant work experience is required
- Strong interpersonal skills including excellent written and verbal communication skills; listening and critical thinking; presentation skills, facilitation skills
- Ability to establish effective working relationships with stakeholders at all different levels
- Flexibility during organizational and/or business changes
- Ability to manage multiple projects while demonstrating a sense of urgency
- Effective problem-solving skills with attention to detail
- Working technical knowledge/experience of the following: IT Audit, Application, server, and network security, Monitoring security events, supporting incident response activities, Sarbanes-Oxley (SOX) compliance, Microsoft Office, Access Management/Authentication and Authorization, Security Monitoring, Data Encryption, Computer Networking Security, Internet protocols (SSL, IPSEC, TCP/IP), Windows Operating System, Project Management
- Certified in Risk and Information System Control (CRISC) or System Security Certified Practitioner (SSCP) preferred
Tech Stack
- TCP/IP
Benefits
- Substantial and comprehensive total rewards package
- Bonus tied to company and individual performance