Start Date : Immediate
Expiry Date : 30 Nov, 25
Salary : 0.0
Posted On : 31 Aug, 25
Experience : 1 year(s) or above
Remote Job : Yes
Telecommute : Yes
Sponsor Visa : No
Skills : HITRUST, ISO, Information Security
Industry : Financial Services
Job Title & Specialty Area : GRC Specialist
Department : IT Security
Location : Dallas, TX
Shift : Monday - Friday
Job Type : Remote (must live in Texas)
Why Children’s Health?
At Children’s Health, our mission is to Make Life Better for Children, and we recognize that their health plays a crucial role in achieving this goal.
Through our cutting-edge treatments and affiliation with UT Southwestern, we strive to deliver an extraordinary patient and family experience, ensuring that every moment, big or small, contributes to their overall well-being.
Our dedication to promoting children’s health extends beyond our organization and encompasses the broader community. Together, we can make a significant difference in the lives of children and contribute to a brighter and healthier future for all.
SUMMARY :
The IT Security Governance, Risk & Compliance (GRC) Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks.
WORK EXPERIENCE
At least 1 year of experience in governance, risk and compliance roles, preferably within healthcare - required
Familiarity with healthcare regulations (HIPAA, HITECH, CMS) and industry standards (NIST CSF, HITRUST, ISO 27001) - preferred
EDUCATION
Four-year bachelor’s degree or equivalent experience in Healthcare administration, Information Security, Risk Management, or a related field - required
Governance: Assist in developing, maintaining, and enforcing healthcare policies and procedures. Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations. Collaborate with stakeholders to ensure compliance with applicable standards and best practices.
Risk Management: Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors. Develop and maintain the organization’s risk register and track remediation efforts. Participate in incident response planning and tabletop exercises to improve organizational preparedness.
Compliance: Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws. Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions. Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards.
Reporting and Documentation: Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs). Maintain accurate documentation of compliance activities, risk assessments, and governance efforts.
Collaboration and Training: Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture. Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements. Act as a liaison with external auditors, regulatory agencies, and third-party vendors.