
IT Risk Analyst (remote) Job at MultiPlan Inc.

MultiPlan Inc. New York, NY 10003

IT Risk Analyst (remote)


Imagine a workplace that encourages you to interpret, innovate and inspire. Our employees do just that by helping healthcare payers manage the cost of care, improve competitiveness and inspire positive change. You can be part of an established company with a 40-year legacy that helps our customers thrive by interpreting our clients' needs and tailoring innovative healthcare cost management solutions.


Our commitment to diversity, inclusion and belonging is part of the fabric of our company. We strive to create a workplace that fosters mutual respect and collaboration, where every talented individual can participate and perform their best work. We are MultiPlan and we are where bright people come to shine!


This is a work-from-home position.


JOB SUMMARY:


This position is primarily focused on risk management but also plays a key role in assisting the Director of Risk Management with all aspects of the IT Governance, Risk and Compliance (GRC) program, including day-to-day operations as well as the ongoing strategic and tactical evolution and maturation of the program and processes.


The person who fills this position will be responsible for identification, evaluation and reporting on IT and information security risks, including the risk register used to track and manage risks. This person will be responsible for the GRC application operation and improvement as well as GRC process execution, development and improvements and be involved with third-party risk management, audit and compliance, security questionnaires, and information security governance, including maintaining policies, standards, and procedures and awareness training.


JOB RESPONSIBILITIES:


Risk management

  • Maintain the risk register and supporting processes to effectively record, track and manage all IT and information security risks.
  • Perform information security risk assessments, following structured processes to evaluate risks, draft statements of inherent and residual risks, and recommend new or revised measures for risk treatment plans.
  • Support risk and control owners on selecting and implementing risk treatment plans by providing mentorship on remediation requirements to balance improved effectiveness with the simplicity of the IT control environment.
  • Monitor and report on risk treatment efforts, inspecting the results to confirm that the level of risk is within acceptable limits and recommend actions to correct any deviations.
  • Develop methods and metrics to monitor, measure and report on risk, compliance and assurance efforts across the organization.

GRC process development and improvement

  • Drive the development and improvement of and consistent adherence to documented GRC processes that balance efficiency and effectiveness, based on best practices, with a focus on IT risk management.
  • Drive GRC program improvements by assisting with tactical and strategic planning of the IT risk management programs.

GRC application operation and improvement

  • Ensure the ongoing configuration, operation, maintenance and improvement of the GRC application, used to manage governance, risk and compliance requirements and activities.
  • Manage projects to build new functionality, workflows, processes, and reporting in the GRC application, including requirements gathering, configuration, testing, deployment and user training.

Audit and compliance

  • Stay abreast of changes to regulations, compliance guidelines and information security best practices; recommend changes to controls, policies, and procedures.
  • Assist with audit and compliance related matters for HIPAA, HITRUST, SOC2, client requirements, security questionnaires, and other applicable audits and certifications, such as collecting and reviewing audit evidence, evaluating the effectiveness of controls, providing guidance to control owners, and making control improvement recommendations.
  • Aid in the development, review and updating of information security policies, procedures, standards, and other information security related documentation to align with MultiPlan risk appetite, regulations, audit requirements, and contractual obligations.

General

  • Identify opportunities for strengthening information security throughout the company.
  • Assist with the development and implementation of the organization’s security awareness training.
  • Collaborate, coordinate, and communicate across disciplines and departments with colleagues in Information Security, IT, Legal, Internal Audit, and others.
  • Demonstrate Company’s Core Competencies and values held within.
  • The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

JOB SCOPE:


This incumbent works under limited supervision to complete the job responsibilities as assigned. Work may be varied and complex and may involve a large amount of research. The incumbent will have regular contact with all levels, including internal and external parties, to complete objectives, keeping the needs of external and internal customers as a priority when making decisions and taking action.


QUALIFICATIONS:


  • 4-8 years of experience in Information Technology, Risk Management, or a related field.
  • Experience in the healthcare industry preferred.
  • Certifications such as CRISC, CISSP, CISM, CISA.
  • Understanding of IT technical controls and risks.
  • Thorough understanding of risk management principles and methodologies.
  • Experience working with GRC systems/tools.
  • HITRUST or SOC2 audit experience.
  • Knowledge of security frameworks such as NIST, HIPAA, HITRUST or ISO.
  • Knowledge of risk frameworks such as OCTAVE, FAIR, ISO, NIST.
  • Excellent communication skills (written, verbal and listening); able to clearly communicate complex information in an easy to understand manner; able to deliver message effectively verbally and in writing.
  • Ability to present to small and midsize audiences.
  • Ability and willingness to learn and maximize the use of technology relevant to job responsibilities.
  • Ability to maintain confidentiality of sensitive information.
  • Ability to work independently as well as within a team.
  • Ability to organize, prioritize, and coordinate multiple work activities and meet target deadlines.
  • Ability to be flexible when there are schedule or priority changes and last minute requests.

BENEFITS


We realize that our employees are instrumental to our success, and we reward them accordingly with very competitive compensation and benefits packages, an incentive bonus program, as well as recognition and awards programs. Our work environment is friendly and supportive, and we offer flexible schedules whenever possible, as well as a wide range of live and web-based professional development and educational programs to prepare you for advancement opportunities.


Your benefits will include:


Medical, dental, and vision coverage (low copay & deductible)

Life insurance

Short- and long-term disability

401(k) + match

Generous Paid Time Off

Paid company holidays

Tuition reimbursement

Flexible Spending Account

Employee Assistance Program

Summer Hours


**Pursuant to Colorado’s “Equal Pay for Equal Work Act”, the following salary range is provided solely for applicants living in Colorado: $100k-$130k. If an applicant does not live in Colorado, this salary range may not apply. Specific offers take into account a candidate’s education, experience and skills, as well as the candidate’s work location and internal equity. This position is also eligible for health insurance, 401k and bonus opportunity.


EEO STATEMENT

MultiPlan is an Equal Opportunity Employer and complies with all applicable laws and regulations. Qualified applicants will receive consideration for employment without regard to age, race, color, religion, gender, sexual orientation, gender identity, national origin, disability or protected veteran status.



