Skip to content

Sr. GRC Analyst – Information Security Risk and Controls

Sr. GRC Analyst – Information Security Risk and Controls
Reports to:

The GRC team at CAQH facilitates the Information Security and data governance processes, enables risk-based decision-making, and delivers a compliance foundation to achieve and maintain compliance certifications.

Position Description

The GRC team at CAQH facilitates the Information Security and data governance processes, enables risk-based decision-making, and delivers a compliance foundation to achieve and maintain compliance certifications. In this role, the Sr. GRC Analyst – Information Security Risk and Controls will help evolve, mature, and grow our GRC program.

The Sr. GRC Analyst – Information Security Risk and Controls is a full-time, remote, exempt position.

Specific Responsibilities

  • Drive internal control effectiveness through internal control monitoring, enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
  • Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
  • Perform security compliance readiness assessments and provide updates, recommendations, and roadmap to senior management.
  • Advise, educate, and train process and control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures) to better understand the security controls framework and their responsibilities.
  • Recommend, develop, and manage the information security risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
  • Work closely with Information security team members to identify, manage, and monitor risks and their associated remediation activities related to incidents, vulnerabilities, patching anomalies, penetration testing deficiencies, phishing campaigns, security architecture review exceptions and security posture ratings.
  • Define, develop, and implement capabilities to manage third-party cybersecurity risks.
  • Manage review, testing, and improvements to business continuity plans.
  • Maintain the policy repository and support effective policy communication.
  • Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
  • Advise policy owners with the preparation, communication, and ongoing maintenance of policies to better understand policy management and their responsibilities.
  • Assist in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of sensitive data.
  • Advise data owners with the data classification, labeling, retention, and deletion requirements to better understand data governance and their responsibilities.
  • Drive remediation and risk mitigation activities, including root cause analysis, and owning the design, tracking, and progress of action plans across security compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
  • Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to CAQH Security Management and business partners.
Knowledge, skills and abilities
  • Advanced understanding of security concepts and practical usage.
  • Advanced experience in policy and data management.
  • Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
  • Strong understanding and practical experience working with amongst others, NIST cyber framework, HITRUST.
  • Familiarity with Governance Risk Compliance (GRC) tools.
  • 4+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
  • Experience preferably in technology or SaaS/Cloud.
  • Functional knowledge of key security domains: security and risk management, asset security, security architecture and engineering, network security, identity and access management, security operations and software development security.
  • Proven security experience in an audit or advisory capacity preferred.
  • Bachelor’s degree or equivalent work experience with at least 5 years of Risk.
  • Assurance/Compliance and or Information Security experience required.
  • CRISC, CISSP, CPA, CISA, PMP, CISM certification(s) preferred.

Who We Are

Named one Modern Healthcare’s “Best Places to Work,” CAQH has helped nearly 1,000 health plans, 2+ million providers, government entities and vendors connect, exchange information and operate more efficiently. CAQH technology-enabled solutions and its Committee on Operating Rules for Information Exchange (CORE) bring the healthcare industry together to make sharing business information more automated, predictable, and consistent. CAQH Insights researches opportunities to reduce the burden of manual processes in healthcare administration.

What You Get

CAQH recognizes that its most important asset is its growing team of smart, creative, collaborative, forward-thinking and passionate professionals – and that a comprehensive employee benefits package is an important factor for them in choosing where to work. CAQH offers competitive compensation along with an extensive benefits package for all full-time employees, including medical, dental and vision coverage, tuition assistance and a 401k. We offer full-time remote work to all staff from any location and maintain a physical office in downtown Washington, DC.

At CAQH, we are proud of our active commitment to Diversity, Equity, and Inclusion (DEI). Our DEI committee works diligently to foster an inclusive workplace where all individuals are valued, respected, and empowered. We embrace diverse perspectives and are dedicated to providing equal opportunities for everyone to thrive. Join us in our mission to transform healthcare through innovative technology solutions while making a positive impact on the lives of diverse communities.

CAQH is an equal opportunity employer. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all personnel actions, without regard to race, color, religion, sex, national origin or ancestry, age, marital status, disability, protected veteran status, personal appearance, sexual orientation, gender identity or expression, familial status, family responsibilities, matriculation, political affiliation, genetic information, source of income, place of residence, or any other characteristic protected by law. CAQH will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.

Applicants have rights under the Family Medical Leave Act (FMLA)Equal Employment Opportunity (EEO), and the Employee Polygraph Protection Act (EPPA). If you are interested in applying for employment with CAQH and need an accommodation to apply for a posted position, contact CAQH Human Resources at 202-517-0436.