Senior GRC Security Analyst (remote)

About the position The position at MultiPlan involves supporting leadership in managing vendor and risk management programs, including audits, risk assessments, and security awareness initiatives. The role requires collaboration with various business units and IT stakeholders to execute and enhance the risk management program, ensuring the protection of data and compliance with relevant regulations. Responsibilities • Serve as a trusted advisor and subject matter expert, providing IT risk management services to IT team members and business/risk owners. , • Collaborate with other members of the risk management team to develop standards and processes that protect the confidentiality, integrity, and availability of MultiPlan data. , • Assist in the preparation of presentation materials such as metrics and other complex deliverables on a recurring and ad-hoc basis. , • Provide guidance to IT subject matter experts on audit and assessment requests. , • Work with IT stakeholders, internal and external auditors to ensure successful completion of audits (SOC1, SOC2, SOX and HITRUST). , • Assist in audits and reviews of assigned business processes to evaluate adequacy of controls within IT, on findings and make recommendations for corrections of weaknesses and improvements in operations. , • Conduct internal risk assessments and present findings to stakeholders and risk management committee. , • Manage overall process to intake and respond to client security requests (i.e., questionnaires). , • Develop and implement IT audit programs and testing procedures and processes relevant to risk/compliance and test objectives across IT Departments. , • Utilize audit findings to make appropriate recommendations for the correction of weaknesses within processes and procedures that support continual improvement in operational procedures. , • Conduct information security assessments of third-party vendors to determine their ability to protect MultiPlan data. , • Identify tasks necessary to remediate identified vendor risks and vulnerabilities; negotiate dates for completion of remediation tasks. , • Track progress on remediation of identified vendor risks and vulnerabilities and provide appropriate reporting. , • Analyze existing processes to identify inefficiency and opportunities for improvement. , • Identify, collaborate, coordinate and communicate opportunities for strengthening IT security throughout the company. , • Collaborate, coordinate, and communicate across disciplines and departments design, development and implementation of security controls and policies. , • Ensure compliance with HITRUST, SOX, SOC, HIPAA regulations and requirements. , • Demonstrate Company's Core Competencies and values held within. Requirements • Experience in IT risk management and vendor management programs. , • Strong understanding of audit processes and compliance requirements (SOC1, SOC2, SOX, HITRUST, HIPAA). , • Ability to develop and implement risk management standards and processes. , • Excellent communication and presentation skills for preparing metrics and complex deliverables. , • Proven ability to collaborate with cross-functional teams and stakeholders. Nice-to-haves • Certifications in risk management or information security (e.g., CISM, CISSP). , • Experience with security assessments of third-party vendors. , • Familiarity with healthcare regulations and compliance. Benefits • Health insurance coverage , • 401k retirement savings plan , • Flexible scheduling options , • Professional development opportunities Apply Job!