
Sr. GRC Analyst – Information Security Risk and Controls


Position: Sr. GRC Analyst – Information Security Risk and Controls
Reports to: CISO

The GRC team at CAQH facilitates the Information Security and data governance processes, enables risk-based decision-making, and delivers a compliance foundation to achieve and maintain compliance certifications.

Position Description

In this role, the Sr. GRC Analyst – Information Security Risk and Controls will help evolve, mature, and grow our GRC program.

The Sr. GRC Analyst – Information Security Risk and Controls is a full-time, remote, exempt position.


Specific Responsibilities

  • Drive internal control effectiveness through internal control monitoring, enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
  • Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
  • Perform security compliance readiness assessments and provide updates, recommendations, and roadmap to senior management.
  • Advise, educate, and train process and control owners with the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures) to better understand the security controls framework and their responsibilities.
  • Recommend, develop, and manage the information security risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
  • Work closely with Information security team members to identify, manage, and monitor risks and their associated remediation activities related to incidents, vulnerabilities, patching anomalies, penetration testing deficiencies, phishing campaigns, security architecture review exceptions and security posture ratings.
  • Define, develop, and implement capabilities to manage third-party cybersecurity risks.
  • Manage review, testing, and improvements to business continuity plans.
  • Maintain the policy repository and support effective policy communication.
  • Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
  • Advise policy owners with the preparation, communication, and ongoing maintenance of policies to better understand policy management and their responsibilities.
  • Assist in the design, implementation, training, and standardization of security controls for the processing, storage, and transmission of sensitive data.
  • Advise data owners with the data classification, labeling, retention, and deletion requirements to better understand data governance and their responsibilities.
  • Drive remediation and risk mitigation activities, including root cause analysis, and owning the design, tracking, and progress of action plans across security compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
  • Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to CAQH Security Management and business partners.

Knowledge, Skills and Abilities

  • Advanced understanding of security concepts and practical usage.
  • Advanced experience in policy and data management.
  • Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
  • Strong understanding of and practical experience working with, among others, the NIST Cybersecurity Framework and HITRUST.
  • Familiarity with Governance Risk Compliance (GRC) tools.

Experience

  • 4+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
  • Experience preferably in technology or SaaS/Cloud.
  • Functional knowledge of key security domains: security and risk management, asset security, security architecture and engineering, network security, identity and access management, security operations and software development security.
  • Proven security experience in an audit or advisory capacity preferred.

Education

  • Bachelor’s degree or equivalent work experience, with at least 5 years of Risk, Assurance/Compliance and/or Information Security experience required.
  • CRISC, CISSP, CPA, CISA, PMP, CISM certification(s) preferred.

Who We Are

Named one of Modern Healthcare’s “Best Places to Work,” CAQH has helped nearly 1,000 health plans, 2+ million providers, government entities and vendors connect, exchange information and operate more efficiently. CAQH technology-enabled solutions and its Committee on Operating Rules for Information Exchange (CORE) bring the healthcare industry together to make sharing business information more automated, predictable, and consistent. CAQH Insights researches opportunities to reduce the burden of manual processes in healthcare administration.

What You Get

CAQH recognizes that its most important asset is its growing team of smart, creative, collaborative, forward-thinking and passionate professionals – and that a comprehensive employee benefits package is an important factor for them in choosing where to work. CAQH offers competitive compensation along with an extensive benefits package for all full-time employees, including medical, dental and vision coverage, tuition assistance and a 401k. We offer full-time remote work to all staff from any location and maintain a physical office in downtown Washington, DC.

At CAQH, we are proud of our active commitment to Diversity, Equity, and Inclusion (DEI). Our DEI committee works diligently to foster an inclusive workplace where all individuals are valued, respected, and empowered. We embrace diverse perspectives and are dedicated to providing equal opportunities for everyone to thrive. Join us in our mission to transform healthcare through innovative technology solutions while making a positive impact on the lives of diverse communities.

CAQH is an equal opportunity employer. It is our policy to recruit, hire, train, and promote individuals, as well as administer any and all personnel actions, without regard to race, color, religion, sex, national origin or ancestry, age, marital status, disability, protected veteran status, personal appearance, sexual orientation, gender identity or expression, familial status, family responsibilities, matriculation, political affiliation, genetic information, source of income, place of residence, or any other characteristic protected by law. CAQH will not tolerate any unlawful discrimination and any such conduct is strictly prohibited.

Applicants have rights under the Family Medical Leave Act (FMLA), Equal Employment Opportunity (EEO), and the Employee Polygraph Protection Act (EPPA). If you are interested in applying for employment with CAQH and need an accommodation to apply for a posted position, contact CAQH Human Resources at 202-517-0436.