InfoSec GRC Analyst

at Examworks Group Inc

Atlanta, GA 30305, USA

Start Date: Immediate
Expiry Date: 12 Sep, 2024
Salary: Not Specified
Posted On: 17 Jun, 2024
Experience: N/A
Skills: HIPAA, Disabilities, NIST, Critical Thinking, Computer Science, ISO, HITRUST, IT Security, Instructions, Communication Skills, IT Security Policies
Telecommute: No
Sponsor Visa: No

Description:

Overview:
Must be familiar with Governance, Risk and Compliance (GRC) solutions and technology platforms. General knowledge of security tools, solutions, and appliances in support of security domains such as network security, e-mail and endpoint security, vulnerability scans, access controls, and log management. Basic technical understanding of cloud services principles such as IaaS, SaaS, and PaaS. Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH. Must have knowledge of compliance audit processes and IT security risk assessment programs. Capable of articulating general IT security policies, processes, and technical controls.

Responsibilities:

  • Provide support and contribute to the ExamWorks InfoSec GRC programs such as: Risk Management, Third Party/Vendor Management, Vulnerability/Threat Management, Compliance Management, RFP/SAQ Process Management and others.
  • Collaborate with different departments in the analysis, response, and document packages of RFPs and security questionnaires as required by clients of EW business units.
  • Assess and monitor security processes and controls to assure compliance with applicable security frameworks, regulatory, and client requirements as well as promote good information security practices.
  • Generates reports on assessment findings and summarizes them to facilitate remediation tasks for other IT operational teams.
  • Conduct formal risk analysis and self-assessments program for various ExamWorks brands and the associated information services systems, processes, and infrastructure.
  • Facilitate HITRUST, SOC2 audit engagement, data/artifact collection, exception remediation and monitoring.
  • Key contributor to the design, implementation, and optimization of the GRC application or solutions.
  • Contributes to maintenance and update of library of information security control standards and procedures based on Information Security policies and procedures and industry best practices.
  • Maintain awareness of changes or updates to security control frameworks, compliance laws and statutes, and identify the impact to the business and its security posture.
  • Compiles management reports, summary analysis, and detailed presentations to describe risk, controls, and maturity assessments.
  • Facilitate information security awareness programs and facilitate periodic awareness training, phishing campaigns, security newsletters and publications.
  • Conduct or participate in the cross training sessions with the IT Security team in the management and configuration of security tools and technical controls.
  • Troubleshooting and resolving security related GRC and technical issues effectively and efficiently.
  • Prioritizing, evaluating, resolving and escalating calls or tasks as required.
  • Providing appropriately detailed and timely follow-up support with customers (internal and external)
  • Providing updates, status, and completion information to the InfoSec Manager - GRC through voice mail, e-mail, or in-person communication.

Qualifications:

EDUCATION AND/OR EXPERIENCE

College degree in Computer Science or related field with a minimum of 2 years in IT security, risk management, compliance, and audit. Practical knowledge and experience with compliance and security framework standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA and HITECH. Must have knowledge of compliance audit processes and IT security risk assessment programs. Capable of articulating general IT security policies, processes, and technical controls.

WHO WE ARE

ExamWorks is a leading provider of innovative healthcare services including independent medical examinations, peer reviews, bill reviews, Medicare compliance, case management, record retrieval, document management and related services. Our clients include property and casualty insurance carriers, law firms, third-party claim administrators and government agencies that use independent services to confirm the veracity of claims by sick or injured individuals under automotive, disability, liability and workers’ compensation insurance coverages.
ExamWorks, LLC is an Equal Opportunity Employer and affords equal opportunity to all qualified applicants for all positions without regard to protected veteran status, qualified individuals with disabilities and all individuals without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age or any other status protected under local, state or federal laws.

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Applicant must be willing to travel 10-15% of the time
  • Applicant must be able to travel outside the US
  • Ability to work independently with or without direction and/or supervision.
  • Follow instructions and respond to senior management's directions accurately
  • Ability to effectively interface with a broad range of people and roles.
  • Advanced computer troubleshooting, analysis, critical thinking and problem solving skills
  • Ability to manage multiple tasks with frequent interruptions, occasionally in urgent situations
  • Demonstrate accuracy and thoroughness. Looks for ways to improve and promote quality and monitors own work to ensure quality is met
  • Ability to learn multiple programs and systems
  • Demonstrate effective communication skills by conveying necessary information accurately, listening effectively and asking questions where clarification is needed
  • Prioritize work activities and use time efficiently
  • Flexibility and adaptability in work approach.
  • Maintain medical confidentiality
  • Demonstrate team behavior and must be willing to promote a team-oriented environment
  • Maintain focus and concentrate in close quarters with normal distractions and without distracting others
  • Adapt to change in work environment with the ability to manage change, delays, or unexpected events
  • Demonstrate reliability by arriving to work on time and by abiding by the attendance policy and occasionally work past the end of the work shift as needed
  • Be on call for after-hours coverage as listed on a rotation schedule
  • Abide by the company dress code
  • Perform miscellaneous duties as needed


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Other

Graduate

IT security, risk management, compliance and audit

Proficient

1

Atlanta, GA 30305, USA