CareCentrix is committed to making the home the center of patient care.
We have more than 20 years of experience working with payors and providers to create programs that improve quality and lower costs by allowing patients to heal or age where they want to be: at home. We currently manage care for 26 million members through over 8,000 provider locations.
CareCentrix seeks an experienced Information Security Analyst to join its Information Security team, with primary responsibility in executing its Governance, Risk and Compliance (GRC) program. This individual is directly responsible for working with senior management, compliance, legal, and Business Technology leaders to complete internal, vendor, and third party risk assessments; manage internal and third party risk; and to apply the company’s risk governance program.
The right candidate has strong technical skills, excellent verbal and written communication skills, a proven history of increasing responsibility in information security, the ability to work in a fast-paced team environment, and a passion for mentoring and teaching about information security.
- Assist in developing and implementing CareCentrix’s Governance, Risk and Compliance (GRC) program
- Respond to RFPs and client security assessments accurately and in a timely manner
- Drive recurring risk assessments in a timely manner with little supervision or direction
- Conduct third party risk assessments
- Assist the Director of Security in tracking identified risks and exceptions, and managing to resolution
- Collaborate with clients, internal partners, and third parties to prioritize, mitigate and resolve identified risks
- Identify and drive risk scenarios to actualize risk and risk remediation activities
- Establish and maintain the highest level of credibility and trust with business partners and leadership while recommending initiatives, communicating risks, and proposing solutions
- Identify and implement opportunities to drive effectiveness and efficiency into the IT Risk Management process
- Help lead organization-wide information security initiatives
- Provide insight into CareCentrix’s information security roadmap
- Bachelor’s Degree in Computer Science with a focus in Information Security or equivalent experience required
- 6+ years’ experience in information security
- 2 or more years’ experience in risk assessment, including HITRUST CSF, CISSP, CRISC or CISM, and be a Certified HITRUST Common Security Framework Practitioner is strongly preferred
- Previous experience in healthcare or insurance information security is a plus
- Must have proven track record of successful IT risk management
- Must have previous experience in the vendor risk management lifecycle
- Demonstrated passion about information security and commitment to continued education via ISC2’s CISSP or related management and technical information security accreditations