Jobs · Legal

Sr. Information Security Governance, Risk and Compliance Analyst

BlueCross BlueShield of Tennessee · United States · 3 days ago
RemoteRemoteLegalFull-time

Job Responsibilities

  • Coordinate audit activities including evidence collection, control validation, and auditor engagement.
  • Manage and validate control frameworks, maintaining control documentation, mappings, and narratives while partnering with control owners to ensure effectiveness and alignment with Trust Services Criteria and NIST frameworks.
  • Track audit & remediation activities, overseeing audit findings, remediation efforts, and timely closure of issues.
  • Create and update System Security Plans (SSPs), including control implementations, inheritance, and system boundaries.
  • Drive security awareness programs, designing and managing training initiatives, including phishing simulations and targeted campaigns.
  • Manage policies & governance documentation, overseeing the full lifecycle of security policies, standards, and procedures to ensure compliance and audit readiness.
  • Conduct enterprise & third-party risk management, performing risk assessments, maintaining risk registers, executing vendor risk assessments, and monitoring remediation.
  • Oversee vulnerability management, tracking vulnerability remediation against SLAs and collaborating with teams to mitigate risks.
  • Support customer security assurance, responding to RFPs and security questionnaires, ensuring accurate, compliant, and consistent security representations.
  • Lead by example, actively supporting initiatives across all GRC areas while fostering a culture of collaboration and shared accountability.

Job Qualifications

  • Education: Bachelor’s degree in a relevant field or an equivalent of four years of experience is required.
  • Experience: Professional experience in Information Security or related IT roles with security-related responsibilities, including at least 2 years focused on Governance, Risk, and Compliance (GRC) functions.
  • Experience: Leveraging AI-enabled tools to automate and enhance GRC processes, improving efficiency, consistency, and scalability of governance, risk, and compliance activities preferred.

Skills/Certifications

  • Preferred Certifications: CISSP, CRISC, CISA, or CISM.
  • Ability: Assess and document organizational risks, including identifying impacts and recommending mitigation strategies.
  • Ability: Interpret and apply regulatory requirements and industry frameworks (e.g., NIST, SOC 2, HIPAA) to organizational controls.
  • Ability: Analyze security, compliance, and risk metrics to identify trends and drive continuous improvement.
  • Ability: Communicate complex risk and compliance concepts clearly to both technical and non-technical stakeholders.
  • Ability: Collaborate effectively across cross-functional teams to integrate governance, risk, and compliance practices into business processes.
  • Skills: Exceptional time management skills, excellent oral and written communication skills, strong interpersonal skills and ability to cultivate relationships with internal and external stakeholders, promoting diversity of people, perspectives and ideas.
  • Worker Type: Employee

Similar jobs