Sr. GRC Security Analyst (remote)

At Claritev, we pride ourselves on being a dynamic team of innovative professionals. Our purpose is simple - we strive to bend the cost curve in healthcare for all. Our dedication to service excellence extends to all our stakeholders - internal and external - driving us to consistently exceed expectations. We are intentionally bold, we foster innovation, we nurture accountability, we champion diversity, and empower each other to illuminate our collective potential.

Be part of our amazing transformational journey as we optimize the opportunity towards becoming a leading technology, data, and innovation voice in healthcare. Onward and Upward!!!

JOB SUMMARY: This role will support leadership in all aspects and leadership of vendor and risk management programs such as audits, risk assessments, vendor management, policy management, and security awareness. Working closely with various business units (Legal, Finance, Operations) and IT stakeholders across the organization, this position will be responsible for executing and maturing the program.

DUTIES:

1. Serve as a trusted advisor and subject matter expert, providing IT risk management services to IT team members and guidance to IT subject matter experts on audit and assessment requests. Support GRC leader to build GRC strategy and multi-year roadmaps to mature Claritev's GRC function.
2. Collaborate with other members of the risk management team to develop standards and processes that serve to protect the confidentiality, integrity, and availability of Claritev data.
3. Provide mentorship and day-to-day support to GRC analysts to enable the team to deliver the best work and develop their professional skills.
4. Provide technical leadership to build GRC's capabilities such as risk management, vendor security assessment, and our compliance program.
5. Drive efforts with IT stakeholders, and internal and external auditors to ensure regulatory compliance with SOC1, SOC2, SOX, and HITRUST as well as compliance with our policies and standards.
6. Assist with audits and reviews of assigned business processes to evaluate adequacy of controls within IT, on findings, and make recommendations for corrections of weaknesses, and improvements in operations.
7. Drive ongoing security assessments to enable Claritev to identify, assess, treat, and monitor cybersecurity risks.
8. Manage and mature the overall process to intake and respond to client security requests (i.e., questionnaires).
9. Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across IT Departments.
10. Conduct information security assessments of third-party vendors to determine their ability to protect Claritev data.
11. Work with business owners to develop plans to remediate identified vendor risks and vulnerabilities, negotiate dates for completion of remediation tasks, and track and report on progress on remediation of identified vendor risks and vulnerabilities.
12. Build a risk-aware culture by maturing existing risk management processes to monitor, track, measure, and report cyber risks.
13. Collaborate, coordinate, and communicate across disciplines and departments.
14. Ensure compliance with HIPAA regulations and requirements.
15. Demonstrate Company's Core Competencies and values held within.
16. The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.

JOB SCOPE:

In this role, your foundational knowledge, skills, abilities, and personal attributes are anchored in the following:

• Good judgment - the exercise of critical thinking, analyzing and assessing problems and implications, identifying patterns, making connections of underlying issues, understanding risks, developing mitigation strategies, and taking ownership of the outcome.
• Resourcefulness - taking a can-do approach, even in the face of obstacles and constraints by assessing what's in front of you and effectively and efficiently optimizing what you have, whether it's working on something new or thinking about how to do something better.
• Teamwork and communication - putting our collective best together through documentation, collaboration, relationship-building, listening, empathy, recruiting, and evangelism.
• Influence and leadership - fostering a community of knowledge-sharing, collaboration, mentorship, and forward-thinking.
• Skills and knowledge - the capacity to actively learn and apply specific domain knowledge, know-how, and best practices to continually enhance and improve.