Information Security GRC Anyls

At Houston Methodist, the Information Security Governance, Risk, and Compliance (GRC) Analyst is responsible for managing risks related to information security, privacy, and regulatory compliance within an organization. This role involves developing and implementing policies, assessing risks, ensuring compliance with industry standards and regulations, and implementing control measures to mitigate risks. Key responsibilities include conducting risk assessments, developing risk mitigation strategies, monitoring compliance with frameworks such as ISO 27001, GDPR, NIST, and SOX, conducting vendor risk assessments, and collaborating with different departments to manage risks and ensure compliance. The GRC Analyst also creates and maintains information security standards, conducts gap analyses, and prepares for regulatory examinations.

Requirements:

Qualifications:

LICENSES AND CERTIFICATIONS - REQUIRED

• CISSP - Certified Information Systems Security Professional (IISSCC) OR
• CRISC - Certified Risk and Information Systems Control (ISACA)

KNOWLEDGE, SKILLS, AND ABILITIES

• Demonstrates the skills and competencies necessary to safely perform the assigned job, determined through on-going skills, competency assessments, and performance evaluations

• Sufficient proficiency in speaking, reading, and writing the English language necessary to perform the essential functions of this job, especially with regard to activities impacting patient or employee safety or security

• Ability to effectively communicate with patients, physicians, family members and co-workers in a manner consistent with a customer service focus and application of positive language principles

• Understanding of relevant laws, regulations, and standards

• Knowledge of best practices for developing and implementing compliance programs

• Ability to analyze complex data and identify trends or discrepancies related to compliance and risk

• Proficient in both written and verbal communication to convey compliance issues and policies clearly

SUPPLEMENTAL REQUIREMENTS

WORK ATTIRE

• Uniform No
• Scrubs No
• Business professional Yes
• Other (department approved) No

ON-CALL*
*Note that employees may be required to be on-call during emergencies (ie. DIsaster, Severe Weather Events, etc) regardless of selection below.

• On Call* No

TRAVEL**
**Travel specifications may vary by department**

• May require travel within the Houston Metropolitan area Yes
• May require travel outside Houston Metropolitan area Yes

Company Profile:

Houston Methodist is one of the nation’s leading health systems and academic medical centers. Houston Methodist consists of eight hospitals: Houston Methodist Hospital, its flagship academic hospital in the heart of the Texas Medical Center, and seven community hospitals throughout the greater Houston area. Houston Methodist also includes an academic institute, a comprehensive residency program, a global business division, numerous physician practices and several free-standing emergency rooms and outpatient facilities. Overall, Houston Methodist employs more than 27,000 employees and is supported by a wide variety of business functions that operate at the system level to help enable clinical departments to provide high quality patient care.

Houston Methodist is an Equal Opportunity Employer.

Equal employment opportunity is a sound and just concept to which Houston Methodist is firmly bound. Houston Methodist will not engage in discrimination against or harassment of any person employed or seeking employment with Houston Methodist on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, status as a protected veteran or other characteristics protected by law. VEVRAA Federal Contractor – priority referral Protected Veterans requested.