Senior GRC Analyst, Information Security

Job Description

****Candidate must be able to work in the PST time zone. *****

Job Summary
This position will execute the Information and Cybersecurity Risk Management programs, concentrating on internal and third-party risk assessments and audits. Assessment and compliance activities include validating controls in the IT department, managing risk findings, and verifying their remediation. Must have excellent written and verbal communication skills and a strong understanding of IT risks, cloud security, application systems security, and third-party security. Must be results-oriented with the ability to collaborate with multiple process owners and stakeholders simultaneously.

ESSENTIAL FUNCTIONS

Duties and Responsibilities

• Lead, plan, and conduct periodic cyber and information security risk assessments and audits of third parties enterprise-wide.
• Identify, assess, and document cybersecurity risks for Molina and its suppliers.
• Partner with internal and external auditors to facilitate compliance audits and mitigate findings.
• Manage documentation (e.g., requesting, reviewing, preparing) for regulatory and compliance audits & assessments.
• Ensure compliance with applicable regulations (e.g., HIPAA, NYS DFS) and industry standards (e.g., NIST).
• Develop and maintain security policies, plans, charters, standards, and procedures.
• Promote security awareness through communication, training, and documentation.
• Develop and maintain dashboards to manage and communicate risk to relevant stakeholders.
• Develop and monitor metrics and prepare reports for senior management.
• Monitor the inventory for vendors and suppliers.
• Identify risks and recommend process improvements in the third-party risk management and supply chain program.
• Build strong partnerships and collaborate with cross-functional teams.
• Lead and execute third-party risk mitigation strategies and corrective action plans.
• Monitor and manage third-party risks using GRC and security tools.
• Stay current on developments in the industry and within the company.

Job Qualifications

Required Education
Bachelor's Degree in Information Systems/Security, Computer Science, Cybersecurity, or related field.

Required Experience

• Minimum 5 years relevant experience in cybersecurity with a focus on governance, risk and compliance.
• Professional certification(s) such as Certified Information Systems Auditor (CISA), Certified Information Systems
• Security Professional (CISSP), or Certified in Risk and Information Systems Control (CRISC) required.
• Adaptable to fast-changing environments and comfortable with ambiguity.
• Excellent verbal, written, and interpersonal skills.
• Big 4 or consulting experience.
• Strong proficiency in regulations and industry frameworks (e.g., HIPAA, NIST, HITRUST)
• Experience with GRC and security performance monitoring tools (e.g., Lockpath, ServiceNow, Prevalent, BitSight).
• Ability to travel approximately 10%

To all current Molina employees: If you are interested in applying for this position, please apply through the intranet job listing.

Molina Healthcare offers a competitive benefits and compensation package. Molina Healthcare is an Equal Opportunity Employer (EOE) M/F/D/V.