iimjobs

Posted by

Job Views: 224
Applications:  32
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

1680187

Providence Global Center - Lead - Governance Risk & Compliance Analyst

PROVIDENCE GLOBAL CENTER LLP. 6 - 12 yrs. Hyderabad
Posted 3 weeks ago

About Providence


Providence, one of the US's largest not-for-profit healthcare systems, is committed to high quality, compassionate healthcare for all. Driven by the belief that health is a human right and the vision, 'Health for a better world', Providence and its 121,000 caregivers strive to provide everyone access to affordable quality care and services.


Providence has a network of 51 hospitals, 1,000+ care clinics, senior services, supportive housing, and other health and educational services in the US.


Providence India is bringing to fruition the transformational shift of the healthcare ecosystem to Health 2.0. The India center will have focused efforts around healthcare technology and innovation, and play a vital role in driving digital transformation of health systems for improved patient outcomes and experiences, caregiver efficiency, and running the business of Providence at scale.


Why Us?

- Best In-class Benefits


- Inclusive Leadership

- Reimagining Healthcare


- Competitive Pay

- Supportive Reporting Relation


What will you be responsible for?

- Develop, maintain, monitor and enforce IT policies and procedures


- Lead the implementation and monitoring of Information Risk Management processes and ensure organization wide compliance.


- Coordinate internal audits, external audits, attestations, and certification programs (HIPAA, PCI DSS, ISO 27001, HITRUST, URAC, SOC 2)


- Perform regulatory compliance assessments, gap analyses, and readiness reviews.


- Maintain and enhance the Integrated Control Framework aligned with NIST CSF, NIST 800-53, ISO 27001, CIS Controls, HIPAA, PCI DSS.


- Conduct security exception reviews, document risk impact, and manage approval workflows.


- Manage risks related to IT, security, privacy, regulatory compliance, and governance, including emerging technology risk areas, and work efficiently with compliance frameworks including NIST CSF, CIS Controls, HIPAA, PCI DSS, ITIL, etc.


- Drive risk management and governance strategies for emerging technology areas


- Implement higher-level security requirements and integrate security programs across disciplines.


- Remain current with industry best practices and monitor the legal and regulatory environment for developments.


- Coordinate the automation of risk workflows, exception management, and compliance reporting using GRC tools.


- GRC tool administration, workflow enhancements, and reporting dashboards (ServiceNow IRM).


What would your work week look like?


- Serve as a subject matter expert to ensure and monitor compliance with Industry and Government rules and regulations at Enterprise/Region/Site level.


- Conduct gap analysis and implement Standards Frameworks like NIST 800-53, CSF, ISO 27001, PCI DSS, HIPAA, NIST.


- Conduct internal audits and security risk assessments for HIPAA, PCI DSS, ISO 27001, URAC, etc.


- Complete security reviews and attestations requested by regulatory/business partners.


- Develop and revise Policies, Standards, Processes and guidelines for the enterprise through change management


- Manage and report overall Governance posture and Report Risk performance against established enterprise risk metrics


- Manage Phishing awareness campaigns


- Manage framework for control governance


- Regularly collaborate with business leaders, application, and product owners to evaluate security needs and impacts of security decisions on business processes as well as to communicate risks


- Advise business-led technology projects on IT Governance awareness and standards compliance


Who are we looking for?

- Bachelor's degree in computer science or a related field.


- Minimum 6 years of experience in Information Security and GRC functions.


- Preferred: 2 years of experience in Healthcare, Pharma, or Biotechnology organizations.


- Strong experience in GRC tool lifecycle management (e.g., configuration, support, workflow optimization).


- Strong project management capabilities with the ability to handle multiple parallel initiatives.


- Excellent written and verbal communication skills, capable of explaining technical concepts to non-technical stakeholders.


- Ability to prioritize, drive, and monitor security programs within agreed timelines.


- Comfortable working in dynamic, high-pressure environments with frequent changes.


- Strong analytical and problem-solving skills with attention to detail.


- Ability to work independently or collaboratively to deliver high-quality outcomes.


- Skilled in communicating IT and security risk concepts to business and leadership teams


- Preferred Certifications: Any 2 of the following: ISO 27001, ISO 42001, CISM, CRISC, CISA, or other relevant security/GRC certifications.


Note - For your candidature to be considered for this job, you must apply on the company's redirected page for this job. Please make sure you apply on the redirected page as well.
