Support internal and external audit and compliance activities, including HIPAA, HITRUST, NIST, PCI DSS, SOC 2, and other healthcare or cybersecurity-related assessments.
Lead cybersecurity risk assessments and due diligence reviews for third-party vendors, service providers, SaaS platforms, cloud providers, and other external business partners, including high-risk and critical vendors.
Evaluate vendor security documentation, including SOC reports, ISO certifications, HITRUST certifications, penetration test summaries, security questionnaires, policies, data flow diagrams, and remediation evidence.
Communicate directly with vendors to clarify questionnaire responses, request supporting evidence, validate remediation status, and coordinate risk mitigation activities.
Provides trouble resolution on complex problems and leads implementations for system and network security technologies.
Develops testing plans to ensure quality of implementation; coordinates and prepares the reporting of data security events and incidents; provides system and network architecture support for information and network security technologies.
Provides technical support to business and technology associates in risk assessments and implementation of appropriate information security procedures, standards and technologies.
Represents major upgrades and reconfigurations in change control.
Design and analyze a mix of vendor services that meets business and information security requirements.
Determine and perform complex configuration changes to meet business and information security requirements.
Serve as the technical escalation for results of preventative maintenance routines.
Participate in metrics development, trend analysis, quality reviews, and program maturity initiatives to strengthen Elevance Health’s third-party cybersecurity risk management program.
Represents infrastructure security support in significant projects and performs the most complex operations and administration tasks.
Respond to level 3 & 4 change and problem requests without supervision.
Lead level 1 & 2 incident recoveries and root cause analysis.
Requirements
Requires a bachelor’s degree or equivalent combination of education and experience that would provide the knowledge to perform such work.
Experience must include a minimum of 3 years of experience in a support & operations or design & engineering role in any of the following areas: access management or network security technologies, servers, networks, network communications, telecommunications, operating systems, middleware, disaster recovery, collaboration technologies, hardware/software support or other infrastructure services role; or any combination of education and experience that would provide an equivalent background.
Requires experience providing top-tier support for 3 or more of the information security technology areas: 1) Access Control, 2) Application Security, 3) Business Continuity and Disaster Recovery Planning, 4) Cryptography, 5) Information Security and Risk Management, 6) Legal, Regulations, 7) Compliance and Investigations, 8) Operations Security, 9) Physical (Environmental) Security, 10) Security Architecture and Design, 11) Telecommunications and Network Security.