Information Security Specialist - GRC

Apex Systems
Kansas city, MO
29 May 2024

Vacancy expired!

Job#: 1349812

Job Description:
  • Description:In this role, the Assistant Information Security Specialist primarily promotes and enhances the maturity of the core Information Security Program functions of Governance, Risk, and Compliance (GRC).This includes, but is not limited to the following:
    • Develops and maintains information security related documentation, e.g., policies, frameworks, standards, methods & procedures, executive presentations, corporate communications, and knowledge base (KB) articles.
    • Provide principal assistance and proactively lead coordination as Information Security Manager's designated representative for compliance related duties, e.g., scheduled reviews of internal policies and procedures, internal audits and external audits
    • The GRC Specialist serves as a critical resource for staff and leaders regarding information security policy implementation, interpretation, and compliance. This includes active communication with key stakeholders in Corporate Services and with Business Unit Leaders as appropriate.
    • The GRC Specialist assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
    • Provide principal assistance and proactively lead coordination as Information Security Manager's designated representative for governance related duties, e.g., reviews of existing documents, as well as development of newly requested documents
    • Provide essential support on a supplemental basis as needed and as appropriate for other key functions of the Information Security program, namely Incident Response, Vulnerability Management, as well as approved Projects or Enhancements.

      The GRC Specialist is responsible for reducing information security and cybersecurity risk by helping to prioritize and drive remediation efforts throughout the organization through the following:
      • Establishing and maintaining governance and compliance standards.
      • Conducting risk assessments of vendor services or products, including but not limited to software, hardware, or other professional services as applicable.
      • Creating, maintaining, communicating, and enforcing information security related documentation, e.g., policies, frameworks, standards, methods & procedures, executive presentations, corporate communications, and knowledge base (KB) articles.
      • Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.The GRC Specialist independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks. The GRC Specialist holds team and organization level responsibilities and may lead small to medium scale projects. The Specialist works with employees, and leaders across BMcD, as well as our clients, partners and suppliers, in select instances.
    Governance and Compliance
    • Develops and implements a data security risk reporting framework, aligned with designated frameworks (ISO 27001, NIST SP 800-171, etc.) for management teams and governance committees.
    • Designs and documents technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that BMcD meets both the requirements and intent of its regulatory and compliance obligations.
    • Facilitates the remediation of control gaps and escalates critical issues to leadership.
    • Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed.
    • Prepares for and facilitates examinations by qualified security assessors for regulations such as CMMC. Works closely with control owners and internal and external auditors to ensure requests are completed in a timely manner.
    • Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

      Information Security Risk Assessment
    • Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria.
    • Conducts security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
    • Recommends controls to mitigate security risks identified via risk assessment process.
    • Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

      Security Policy Management and Workforce Training and Awareness
    • Supports workforce security activities including culture, awareness, and training.
    • Facilitates eDiscovery and collection of data to support investigations of possible security or policy violations. Analyzes information security incidents in collaboration with other stakeholders. Coordinates remediation and awareness training.
    • Researches, recommends, and contributes to information security polices, standards, and procedures. Assists with the lifecycle management of information security policies and supporting documents.
    • Works with other organizational participants to implement information security policies.

      Third-party Supplier and Vendor Risk Management
    • Performs third-party supplier risk assessments to ensure supply chain risk is managed throughout the suppliers lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
    • Articulates results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
    • Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.
    • Maintains inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.
  • Requirements:EducationMinimumAssociate Degree in Healthcare, Information Technology, Business, or related field (2 years of relevant experience may be considered in lieu of degree in addition to experience below)PreferredBachelor's or Master's degree in Healthcare, Cybersecurity, Information Technology,Engineering, Business, or related field preferred.Work ExperienceMinimum
    • Demonstrated success performing risk assessments, writing policies to comply with governmental regulations, or implementing other key GRC functions.
    • Demonstrated success leading small to medium scale projects.
    Preferred5-7 years of progressively responsible experience in a healthcare setting, addressing risk andcompliance with regulatory requirements (e.g., ISO 27001, SOC 2, PCI DSS, FedRAMP,).Licenses & CertificationsMinimumNonePreferredAdvanced certifications such as HCISSP, CISSP, CEH, CISM, CISA, CCSP, and/or specific training and certification in security risk management and IT controls frameworks, such asNIST CSF and 800-53 and 800-171.

Please reach out to with your resume and target pay rate if interested.

EEO Employer

Apex Systems is an equal opportunity employer. We do not discriminate or allow discrimination on the basis of race, color, religion, creed, sex (including pregnancy, childbirth, breastfeeding, or related medical conditions), age, sexual orientation, gender identity, national origin, ancestry, citizenship, genetic information, registered domestic partner status, marital status, disability, status as a crime victim, protected veteran status, political affiliation, union membership, or any other characteristic protected by law. Apex will consider qualified applicants with criminal histories in a manner consistent with the requirements of applicable law. If you have visited our website in search of information on employment opportunities or to apply for a position, and you require an accommodation in using our website for a search or application, please contact our Employee Services Department at or . Apex Systems is a world-class IT services company that serves thousands of clients across the globe. When you join Apex, you become part of a team that values innovation, collaboration, and continuous learning. We offer quality career resources, training, certifications, development opportunities, and a comprehensive benefits package. Our commitment to excellence is reflected in many awards, including ClearlyRated's Best of Staffing® in Talent Satisfaction in the United States and Great Place to Work® in the United Kingdom and Mexico.
  • ID: #50018311
  • State: Missouri Kansas city 64101 Kansas city USA
  • City: Kansas city
  • Salary: USD TBD TBD
  • Job type: Permanent
  • Showed: 2023-05-29
  • Deadline: 2023-07-27
  • Category: Et cetera