Lead Governance Risk Compliance Analyst at Versant Health

Troy, New York, United States -

Full Time

Start Date

Immediate

Expiry Date

06 Feb, 26

Salary

0.0

Posted On

08 Nov, 25

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Governance, Risk Management, Compliance, IT Security, Audit, HIPAA, NIST, PCI, HITRUST, SOC, Identity Management, Leadership, Risk Assessment, Security Controls, Incident Response, Documentation

Industry

Insurance

Description

Lead IT Security Governance Risk & Compliance Analyst Who are we? Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision. As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-cost-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us. See how you can make a difference with the support of strong leadership and a team environment. See Everything, Be Anything™. What are we looking for? The Lead IT Security Governance, Risk, and Compliance (GRC) Analyst serves as a senior subject matter expert and team lead, responsible for guiding the GRC program and mentoring analysts. This role partners with leadership to define strategy, drive enterprise-wide risk initiatives, and ensure alignment with organizational objectives. The Lead Analyst provides authoritative recommendations, influences decision-making, and ensures consistent execution of security governance and best practices across the organization. This role is responsible for assisting the Director, Information Security (Governance, Risk, and Compliance) in executing strategic measures to manage and mitigate risks and reduce potential impacts on IT resources to an acceptable level to the business; apply compliance management by ensuring that the business attains its security control objectives by meeting legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved. Where you will have an impact. Serve as the primary point of escalation for complex risk and compliance issues, offering expert-level solutions. Drive strategic initiatives to mature the organization’s security governance framework and risk management processes. Represent IT Security in leadership forums, influencing policy development and enterprise risk posture. Coordinate cross-functional teams during audits, assessments, and remediation efforts to ensure timely and effective outcomes. Maintain program reporting, trackers, and controls performance for IT Security, ensuring that operational controls, procedures, and resources are documented effectively to manage risk across all enterprise assets including on-prem, COLO, and cloud resources IT Control Testing & Control Health Complete assigned IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensuring the health of all IT controls, and managing corrective action plans needed to address any control gaps, weaknesses, or failures Lead and support compliance audits and assessments by providing comprehensive documentation, evidence, and insights into IT risk management processes Ensure customer compliance commitments are always met, and support all interactions with customer audits of our program Ensure assigned policies and procedures meet audit requirements and periodic update deadlines Conduct training and knowledge transfer on the execution of audit related control execution for end users and management Lead the analysis of complex systems, applications, and processes to evaluate security vulnerabilities and potential threats Evaluate and enhance security controls, configurations, and processes to ensure their effectiveness in mitigating risks Oversee the safeguarding of the organization's IT assets, maintaining the integrity and confidentiality of sensitive information Conduct and supervise comprehensive risk assessments of IT systems, networks, and applications to identify potential vulnerabilities and threats Support development of and oversee the execution of risk and exception mitigation strategies and action plans to address identified vulnerabilities and gaps in security controls. Partner with IT teams and senior business stakeholders to implement robust technical controls, security measures, and risk treatment measures. Provide expert guidance and recommendations on security governance best practices, configurations, and system hardening techniques. Conduct and oversee lessons learned to enhance incident response processes and prevent recurrence. Collaborate with internal audit, legal, and compliance teams to address high-level risk-related inquiries, requests, and reporting requirements. Lead additional projects and perform other duties as assigned. What’s necessary to do the job? Bachelor's degree in related field required An equivalent combination of experience and education will be considered in lieu of a bachelor's degree Five (5) to seven (7) years of IT Security or Audit experience required Minimum of two (2) years in a leadership or team lead capacity within IT Security Experience in managing and accessing information security risks required Detailed knowledge of HIPAA, NIST, PCI, HITRUST, SOC required Experience with enterprise level identity management to support trusted interactions between disparate entities required Healthcare experience preferred CISSP, CISM, CRISC, or CISA preferred HIPAA & Security Requirements All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program. Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process. Versant Health is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law.

Responsibilities

The Lead IT Security Governance, Risk, and Compliance Analyst guides the GRC program and mentors analysts while partnering with leadership to define strategy and drive enterprise-wide risk initiatives. This role also involves ensuring consistent execution of security governance and best practices across the organization.