The GRC Specialist will be responsible for all or some of the below, as appropriate:
Directly responsible for information security procedures and controls to ensure compliance with applicable regulatory requirements, including but not limited to HIPAA, PCI, and local statutes.
Oversee the creation of enterprise security documents (e.g., policies, standards, processes, and procedures) to adhere to industry best practices, laws and organizational requirements and ensure that policies are reviewed and updated regularly, as required by Renown policy.
Establish and oversee formal risk analysis and self-assessment programs for IT systems and processes.
Respond to audit action items which includes providing supporting documentation to auditors, evaluating audit results for relevance/accuracy, and working with teams to remediate audit findings.
Responsible for organization-wide information security training and awareness to ensure employees understand the integral role they play in safeguarding the company's information assets against unauthorized use and disclosure.
Oversee the Third Party Risk Management (TPRM) program to ensure that Renown does not inherit unacceptable risk by doing business with a vendor.
Oversee the Data Leakage Prevention (DLP) program to ensure that data privacy and security practices comply with company policies and state and federal laws.
Provide oversight and guidance to effectively analyze, assess and document the security risk that any new technologies and/or ideas would present to the Renown network. Provide recommendations on compensating controls to mitigate security risks and allow the solution to be implemented securely.
Provide oversight and/or guidance on the design and execution of vulnerability assessments, penetration tests and security audits.
Maintain expertise on security trends through training and research in order to consult and opine on potential security exposures.
Mentor, coach and lead a small team of Information Security personnel as necessary.
The incumbent, under the guidance of the CISO, has the authority to change, determine and/or request the resources required to ensure the security of Renown systems and data, and to make decisions and recommendations relative to maintaining a secure IT environment or improving business functionality. Decisions that must be referred to the CISO include software and hardware acquisitions, personnel management, policy deviations, financial matters, and changes that could adversely impact network, system, or application security, performance and/or integrity.
The GRC Specialist will audit user activity to enforce compliance with regulatory and policy requirements, mitigate risk and protect Renown Health's information assets.
This position does not provide patient care.