GRC Issue Management Specialist | Privacy Security RMS | Full Time

Information Technology | Corporate Services | Requisition #: 266480

About the Role:

The Issue Management Specialist supports the enterprise cybersecurity and technology risk issue management function within the Controls Management program. This role is responsible for the day-to-day execution of issue management activities, ensuring that identified security, privacy, and technology control issues are accurately documented, tracked, monitored, validated, and closed in accordance with established governance standards and regulatory expectations. Reporting to the Supervisor, GRC Issue Management, the Issue Management Specialist partners with Cybersecurity GRC, Internal Audit, Privacy, Compliance, IT, and business stakeholders to support timely and effective remediation of issues identified through audits, risk assessments, control testing, regulatory reviews, incidents, and other assurance activities. This role is operational and execution-focused, emphasizing discipline, accuracy, coordination, and follow-through rather than program ownership or people management.

 

Core competencies include:

  • Technical Issue & Remediation Analysis
  • Cybersecurity & IT Control Knowledge
  • Issue Intake, Documentation, and Lifecycle Tracking
  • Remediation Monitoring and Technical Evidence Validation; Risk & Control Interpretation
  • Cross-Functional Coordination with Technical Teams
  • Reporting Accuracy and Data Quality
  • Process Adherence and Continuous Improvement.

 

PRINCIPAL DUTIES AND RESPONSIBILITIES:

  • Support the end-to-end lifecycle of cybersecurity, privacy, and technology risk issues, including documentation, technical analysis, remediation tracking, validation, and closure.
  • Translate technical control failures, design gaps, and operational deficiencies into clearly articulated issues within the GRC platform.
  • Assist with intake and coordination of issues originating from audits, technical assessments, penetration tests, control testing, regulatory reviews, incidents, and third-party risk activities.
  • Partner with technical control owners to understand system architectures, security controls, and remediation approaches.
  • Track remediation activities against defined action plans and timelines, following up with IT and cybersecurity teams to ensure progress and clarity.
  • Perform technical review of remediation evidence, such as:
      • Security tool outputs (e.g., vulnerability scans, configuration baselines)
      • System configurations and screenshots
      • Access control reviews
      • Policy and technical standard updates tied to control implementation
  • Validate that remediation actions adequately address the root cause and risk intent of the issue prior to closure.
  • Escalate overdue items, remediation risks, or insufficient technical evidence to the Supervisor, GRC Issue Management.
  • Ensure consistent issue categorization, control mapping, and risk attribution aligned with frameworks such as NIST, HITRUST, ISO, PCI, or HIPAA.
  • Support audit and regulatory readiness through accurate issue status reporting and evidence coordination.
  • Assist in preparing detailed issue metrics, trend analysis, and technical commentary for leadership and governance forums.
  • Contribute to continuous improvement of issue management processes, particularly where clarity around technical controls and remediation quality can be improved.
  • Perform other duties as assigned.

 

Education & Experience Required:

  • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, or a related field (or equivalent experience), required.
  • 2 to 4 years of experience in cybersecurity GRC, IT risk management, audit, compliance, or control assurance, required.
  • Experience supporting audit or risk issues through remediation tracking and closure, required.
  • Basic working knowledge of regulatory and framework expectations such as HIPAA, HITECH, HITRUST, NIST CSF / 800-53, PCI DSS, or ISO 27001.
  • Strong attention to detail and documentation skills.
  • Ability to coordinate with both technical and non-technical stakeholders.
  • This position requires a professional with strong experience in cybersecurity, technology risk, audit, or compliance who can apply structured issue management and risk-based thinking across a complex healthcare environment.
  • Hands-on experience with GRC platforms such as ServiceNow GRC, Archer, or OneTrust, preferred.
  • Experience supporting issue management activities for audits or regulatory exams, preferred.
  • Entry-level or progressing certifications such as CISA, CRISC, CISSP, or HITRUST CCSFP, preferred.
  • Excellent organizational, communication, and stakeholder management skills.
  • Ability to analyze, interpret, and summarize regulations, policies and procedures, reports, and legal documents.
  • Demonstrated ability to recruit, train and lead people, set goals and achieve implementation results for security programs and solutions.
  • Advanced knowledge of IT systems and functions, process development, change management, and service and implementation lifecycle.
  • Demonstrated strong and effective verbal, written, and interpersonal communication skills.

Additional Details

This posting represents the major duties, responsibilities, and authorities of this job, and is not intended to be a complete list of all tasks and functions. It should be understood, therefore, that incumbents may be asked to perform job-related duties beyond those explicitly described above.

Overview

Henry Ford Health partners with millions of people on their health journey, across Michigan and around the world. We offer a full continuum of services – from primary and preventative care to complex and specialty care, health insurance, a full suite of home health offerings, virtual care, pharmacy, eye care and other health care retail. With former Ascension southeast Michigan and Flint region locations now part of our team, Henry Ford’s care is available in 13 hospitals and hundreds of ambulatory care locations. Based in Detroit, Henry Ford is one of the nation’s most respected academic medical centers and is leading the Future of Health: Detroit, a $3 billion investment anchored by a reimagined Henry Ford academic healthcare campus. Learn more at henryford.com/careers.

Benefits

  

The health and overall well-being of our team members is our priority. That’s why we offer support in the various components of our team’s well-being: physical, emotional, social, financial and spiritual. Our Total Rewards program includes competitive health plan options, with three consumer-driven health plans (CDHPs), a PPO plan and an HMO plan. Our team members enjoy a number of additional benefits, ranging from dental and eye care coverage to tuition assistance, family forming benefits, discounts to dozens of businesses and more. Employees classified as contingent status are not eligible for benefits.  

Equal Employment Opportunity/Affirmative Action Employer

Henry Ford Health is committed to the hiring, advancement and fair treatment of all individuals without regard to race, color, creed, religion, age, sex, national origin, disability, veteran status, size, height, weight, marital status, family status, gender identity, sexual orientation, and genetic information, or any other protected status in accordance with applicable federal and state laws.
