GRC Controls Consultant | Full Time | Remote

Information Technology | Corporate Services | Requisition #: 2413510

GENERAL SUMMARY:

This position reports to the Manager of Cybersecurity Controls Management within the Cybersecurity Governance, Risk, and Compliance (CGRC) organization and collaborates closely with cross functional enterprise groups to ensure processes and services are implemented and operationalized to meet both the needs of the business and regulatory requirements.

PRINCIPAL DUTIES AND RESPONSIBILITIES:

Responsible for the design and implementation of assigned programs in support of the Cybersecurity Controls strategic roadmap. The position requires technical and operational knowledge of information security, audit, and risk best practices, as well as legal and regulatory compliance requirements that impact privacy and security or introduce risk for the enterprise. The position will support HFH as well as its subsidiaries.

Must have the ability to develop work with minimal supervision, maintain and report against a work plan, give appropriate updates and status reports, and serve as a point of contact and liaison with internal and external auditors, assessors, vendors and clients and assist other staff members.

  • Support the Governance Risk and Compliance (GRC) system workflow processes (ex. Control Management, Continuous Monitoring, Control Self-Assessment, Issue Management, Policy Workflow, GRC system updates and testing).
  • Assist in the facilitation of the GRC Controls Management program (data entry, issue monitoring, reporting, governance reporting, escalation processes, managing MS team site access).
  • Provide Governance Risk and Compliance (GRC) support for third-party audit requests and reporting requests from leadership.
  • Review, test, and support the system upgrades, framework updates, system enhancements, and related changes to the GRC tool.
  • Responsible for ensuring Governance Risk and Compliance (GRC) internal controls are performed (ex. User access review, framework updates).
  • Participate in continuous learning initiatives specifically related to the Governance Risk and Compliance (GRC) system, IT governance, controls, insurance, healthcare, understanding frameworks, and information technology.
  • Meet with the issue owners and leaders to obtain action plans, enter issue data into the GRC tool, and monitor the GRC tool for overdue issues. Follow the issue escalation procedures for past due GRC issues.
  • Understand and review functionality within the GRC tool to assist with Policy and Compliance reporting.
  • Assist with GRC workflow procedures within the GRC tool (ex. Review control attestation and move Controls into a monitor state).
  • Update approved data changes into the GRC tool (ex. new issues, controls, and policies).
  • Monitor email and respond to Control Owners with GRC tool questions such as access issues, system workflows, and reporting.
  • Run reports from the GRC tool to provide third-party audit requests and related reporting.
  • Execute GRC tool system test plans (ex. For system upgrades, updates, enhancements, new reporting).
  • Participate in continuous learning initiatives specifically related to the Governance Risk and Compliance (GRC) system, IT governance, controls, insurance, healthcare, leading security frameworks, and information technology.

EDUCATION AND EXPERIENCE:

  • Bachelor's degree in information systems, Computer Science or related field preferred, relevant work experience/certification considered.
  • 3+ years of experience in IT risk management, IT controls management or IT audit management.
  • Demonstrates strong and effective verbal, written, and interpersonal communication skills, with experience in all at the executive level.
  • Ability to prioritize and multi-task in a dynamic, fast paced, and challenging environment.
  • Experience with federal and state healthcare information regulations and requirements (e.g. HIPAA) preferred.
  • Advanced knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle.
  • Knowledge of information security best practices, NIST Cybersecurity Framework and common risk frameworks.
  • Can conform to shifting priorities, demands and timelines through analytical and problem-solving capabilities.

Additional Details

This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.

Overview

Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers.

Benefits

  

The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.  

Equal Employment Opportunity/Affirmative Action Employer

Henry Ford Health is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.
