Grow Healthy
If you are as passionate about helping those in need as you are about growing your career, consider AltaMed. At AltaMed, your passion for helping others isn’t just welcomed – it’s nurtured, celebrated, and promoted, allowing you to grow while making a meaningful difference. We don’t just serve our communities; we are an integral part of them. By raising the expectations of what a community clinic can deliver, we demonstrate our belief that quality care is for everyone. Our commitment to providing exceptional care, despite any challenges, goes beyond just a job; it’s a calling that drives us forward every day.
Job Overview
The Senior IT Governance, Risk, and Compliance (GRC) Analyst will be responsible for the corporate-wide IT GRC program. This person will work closely with Information Services, Office of Compliance and Risk Management (OCRM), Legal, HR and Procurement to ensure reasonable and appropriate IT controls are in place to minimize risk and ensure compliance with AltaMed’s Information Security Policy and Standards, the HIPAA Security Rule, Data Privacy regulations and the Payment Card Industry – Data Security Standards (PCI-DSS). This person will assist with the development, implementation and maintenance of AltaMed’s Information Security Policies, standards and guidelines and be a SME for HIPAA, PCI and Privacy. Additionally, this person will be responsible for leading vulnerability management efforts and the vendor and risk management programs, including leading the risk-based change management program; will liaise with internal and external auditors to ensure audits lead to a successful outcome; and will be responsible for the Security Exception/Risk Acceptance process. The position will also manage, maintain and administer the company’s IT Risk Register and Information Security Awareness Training program.
Minimum Requirements
Minimum Education Level: Bachelor’s Degree, Business, Information Systems Management or related field.
5 years of full-time work experience in IT audit or IT risk management. Experience in leading security assessments, IT vendor risk assessments, and InfoSec control management.
Working knowledge of HIPAA, Privacy and PCI data requirements and other state / federal regulatory requirements pertaining to sensitive information.
Understanding of common Information Security and Information Technology frameworks and standards such as NIST CyberSecurity Framework (CSF), NIST 800-30 Risk Assessment framework, ISO27000 series, CIS Critical Controls, and SSAE-18 SOC-2 Type II audit requirements.
Basic understanding of technical aspects of information security.
Working knowledge of common IT technologies and processes.
Thorough understanding of risk management principles and methodologies.
Ability to transform abstract regulatory requirements into cohesive compliance actions.
Good communication skills including ability to present technical subjects to non-technical audiences.
Strong work ethic, attention to detail, and organizational skills.
Ability to multi-task and manage priorities in a fast-paced environment.
Ability to collaborate in a team setting and moderate conversations involving cross-functional groups.
Proficient with the Microsoft Office suite; presentation development skills.
General knowledge of technologies and services commonly deployed within Information Security.
Experience with application security, SaaS, and/or cloud security is a plus.
Must hold an active Certified Information Systems Security Professional (CISSP) certification.
Compensation
$118,233.06 - $147,791.33 annually
Compensation Disclaimer
Actual salary offers are considered by various factors, including budget, experience, skills, education, licensure and certifications, and other business considerations. The range is subject to change. AltaMed is committed to ensuring a fair and competitive compensation package that reflects the candidate's value and the role's strategic importance within the organization. This role may also qualify for discretionary bonuses or incentives.
Benefits & Career Development
Job Advertisement & Application Compliance Statement
AltaMed Health Services Corp. will consider qualified applicants with criminal history pursuant to the California Fair Chance Act and City of Los Angeles Fair Chance Ordinance for Employers. You do not need to disclose your criminal history or participate in a background check until a conditional job offer is made to you. After making a conditional offer and running a background check, if AltaMed Health Service Corp. is concerned about a conviction directly related to the job, you will be given a chance to explain the circumstances surrounding the conviction, provide mitigating evidence, or challenge the accuracy of the background report.
AltaMed Health Services Corporation is committed to providing equal employment opportunities for all qualified individuals. We strictly prohibit discrimination in employment based on race, color, creed, religion, marital status, sexual orientation, registered domestic partner status, sex, gender, gender identity or expression, ancestry, national origin, age, medical condition, physical or mental disability, military or protected veteran status, pregnancy or perceived pregnancy, childbirth, breastfeeding or related medical conditions, genetic information, or any other characteristic protected by local, state, or federal law, ordinance, or regulation.
We are committed to promoting equality and inclusivity beyond our recruitment and hiring processes. We aim to create a respectful, valued, and inclusive workplace through training, advancement opportunities, and access to resources and support. We focus on fostering a diverse workforce because it enriches our organization and improves our ability to effectively serve our clients and community. We encourage individuals from all backgrounds to apply and join us in our mission to create a positive impact.