GRC Security Analyst
Burlington Office, 62 Merchants Row, Williston, Vermont, United States of America
Monday, March 13, 2023
Over 35 years strong and fueled by 1,700 smart, passionate employees across New York state and Vermont, MVP is full of opportunities to grow. We are a nationally recognized, award-winning leader for a reason. The beating heart of our company is a wide range of employees from a diverse set of backgrounds (tech people, numbers people, even people people) working together to make health insurance better. If you are ready to join a thriving, mission-driven company where you can create your own opportunities and make a positive difference, it's time to make a healthy career move to MVP!
There are some positions at MVP where your work may require an onsite or community component. When working in an MVP office and/or in the community on behalf of MVP, you must be fully vaccinated against COVID-19, and have received the first booster dose within one month of eligibility.
Position can be Remote/Virtual
This position will be responsible for ensuring MVP's security policies and procedures are maintained and comply with all internal and external regulations and requirements. The Security Analyst is responsible for knowing all applicable health and governmental regulations, how and where these regulations relate to MVP, as well as the impact of the security requirements on business-critical systems. The Security Analyst will work with the Security Team, under the leadership of the CISO, on IT security oversight and compliance and provide hands-on assistance as appropriate to ensure success. In addition, the Security Analyst is directly involved in supporting various audit activities and serves as the liaison between the auditors, the various business units and MVP leadership.
- Develop, implement, and communicate IT and Corporate security policy, standards, best practices, guidance, and procedures
- Work with Business on the creation of Process and Procedure documentation. Provide compliance oversight through regular audits of business units.
- Provide advice on addressing IT information security issues.
- Assist with the development of policy awareness efforts and materials for distribution to the user community.
- Draft, review, and comment as needed on translating federal requirements into Department policies and requirements, including, but not limited to: NIST publications, DFS guidance and requirements, CMS and HIPAA.
- Implement HIPAA and HITRUST assessments and implement CSF framework controls to ensure compliance.
- Ensure security vulnerability and risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc. Provide oversight and communication as necessary.
- Provide third-party oversight, including review of contracts, Business Associate Agreements, Information Security Questionnaires, and other artifacts such as SOC2 and HITRUST reports.
- Work with Risk Management team to ensure Business Continuance plans are up to date. Assist with regular table-top exercises.
- Oversight of Disaster Recovery Process. Assist with Annual DR testing and DR report to executive leadership.
- Support annual recertification of accounts – ensure new accounts have appropriate access and any inactive accounts are deactivated. Provide hands-on assistance to Business Units as necessary.
- Create Cybersecurity dashboard and presentations for Board Risk and Compliance Committee.
- Manage and maintain IT security Risk Register. Coordinate with Enterprise Risk Team to ensure all risks are tracked and actively worked on for remediation.
- Work with business to identify and manage risks associated with policy violations and exceptions.
- Bachelor's Degree, or an equivalent combination of formal education and experience.
- Candidates should be well-versed in risk management; knowledge of the SDLC and experience performing security tasks throughout it preferred.
- Working understanding of HIPAA compliance, requirements of all phases of Certification and Accreditation (C&A) and creating documentation in accordance with NIST guidance strongly preferred.
- Candidate should have strong analytical and organizational skills.
- Candidate should have concise writing skills, excellent MS Word skills as well as other MS Office Applications.
- Personnel shall be well versed with NIST publications and other Health related publications and their requirements and impact on system security.
MVP Health Care is a nationally recognized, not-for-profit health insurer caring for more than 700,000 members in New York and Vermont. Committed to the complete well-being of our members and the communities we serve, MVP makes health insurance more convenient, more supportive, and more personal. We are powered by the ideas and energy of more than 1,700 diverse employees from all backgrounds, committed to having a positive impact on the health and wellness of everyone we serve. MVP Health Care is an Affirmative Action/Equal Employment Opportunity employer. We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, disability, genetic information, veteran status, or any other basis protected by applicable federal, state or local law. Any person with a disability needing special accommodations to the application process, please contact Human Resources at email@example.com
Please apply and learn more – including how you may become a proud member of our team.
- Job Family: Information Technology & Transformation Services
- Pay Type: Salary