LogixHealth - Senior GRC Specialist - IT

Job Purpose:

- GRC (Governance, Risk, and Compliance) Specialist works with process owners, auditors, and stakeholders to analyze, monitor, and address risk management and compliance issues.

- Responsibilities include administering ISO 27001 and SOC 2 compliance programs, assisting with assessments, and ensuring adherence to SOC2, ISO 27001, PCI, Hi-Trust standards.

Role Description:

- Conduct risk assessments, validation testing, compliance reviews, and audits in line with NIST standards.

- Oversee and support SOC 2 Type 2, Hi -Trust, HIPPA, ISO 27001 audit processes.

- Drive the widespread implementation of ISO 27001 standards across the organization.

- Manage and monitor a central repository for audit evidence.

- Review and update security standards, policies, and practices to meet corporate demands.

- Share information with managers to avoid surprises, highlight problems, and ensure timely delivery.

- Develop and maintain a comprehensive GRC framework, ensuring alignment with industry best practices and regulatory requirements.

- Coordinate with cross-functional teams to identify and mitigate risks associated with IT and business processes.

- Provide expert guidance on regulatory changes and emerging security threats, ensuring the organization remains compliant and secure

- Incident response management.

Key Deliverables:

- Perform audits and risk assessments.

- Track regulatory changes and update policies.

- Educate employees on compliance standards.

- Analyze risk trends and patterns.

- Develop mitigation plans for identified risks.

- Report findings to senior management and the GRC lead.

Qualification:

- Must Possess a Degree in information security, Cybersecurity, Risk Management, IT Management, or a related field

- Relevant certifications such as CISSP, CISM, CRISC, or similar will be a plus