Sr. Information Security Governance, Risk and Compliance Analyst
BlueCross BlueShield of Tennessee · United States · 3 days ago
RemoteRemoteLegalFull-time
Job Responsibilities
- Coordinate audit activities including evidence collection, control validation, and auditor engagement.
- Manage and validate control frameworks, maintaining control documentation, mappings, and narratives while partnering with control owners to ensure effectiveness and alignment with Trust Services Criteria and NIST frameworks.
- Track audit & remediation activities, overseeing audit findings, remediation efforts, and timely closure of issues.
- Create and update System Security Plans (SSPs), including control implementations, inheritance, and system boundaries.
- Drive security awareness programs, designing and managing training initiatives, including phishing simulations and targeted campaigns.
- Manage policies & governance documentation, overseeing the full lifecycle of security policies, standards, and procedures to ensure compliance and audit readiness.
- Conduct enterprise & third-party risk management, performing risk assessments, maintaining risk registers, executing vendor risk assessments, and monitoring remediation.
- Oversee vulnerability management, tracking vulnerability remediation against SLAs and collaborating with teams to mitigate risks.
- Support customer security assurance, responding to RFPs and security questionnaires, ensuring accurate, compliant, and consistent security representations.
- Lead by example, actively supporting initiatives across all GRC areas while fostering a culture of collaboration and shared accountability.
Job Qualifications
- Education: Bachelor’s degree in a relevant field or an equivalent of four years of experience is required.
- Experience: Professional experience in Information Security or related IT roles with security-related responsibilities, including at least 2 years focused on Governance, Risk, and Compliance (GRC) functions.
- Experience: Leveraging AI-enabled tools to automate and enhance GRC processes, improving efficiency, consistency, and scalability of governance, risk, and compliance activities preferred.
Skills/Certifications
- Preferred Certifications: CISSP, CRISC, CISA, or CISM.
- Ability: Assess and document organizational risks, including identifying impacts and recommending mitigation strategies.
- Ability: Interpret and apply regulatory requirements and industry frameworks (e.g., NIST, SOC 2, HIPAA) to organizational controls.
- Ability: Analyze security, compliance, and risk metrics to identify trends and drive continuous improvement.
- Ability: Communicate complex risk and compliance concepts clearly to both technical and non-technical stakeholders.
- Ability: Collaborate effectively across cross-functional teams to integrate governance, risk, and compliance practices into business processes.
- Skills: Exceptional time management skills, excellent oral and written communication skills, strong interpersonal skills and ability to cultivate relationships with internal and external stakeholders, promoting diversity of people, perspectives and ideas.
- Worker Type: Employee