Associate, GRC Analyst

Orlando Health

2024-10-01 14:55:27

Job location Orlando, Florida, United States

Job type: full-time

Job industry: Administration

Job description

Position Summary:
Under the direction of the Manager, Identity Access Management and in support of the Dir, IT Risk & Resiliency and Orlando Health organizational business units, the Associate, GRC Analyst, will be responsible for coordinating governance, risk, and compliance activities to mitigate and manage. You will collaborate with all departments to ensure an acceptable risk posture for the organization, thereby enhancing the security posture for activities which impact the confidentiality, integrity, and availability of our information assets and resources, our infrastructure, and our business processes.

Responsibilities:
Essential Functions
• Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
• Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
• Performing Third-Party Risk Management duties for critical and high risk third parties through cooperative effort with Third Parties, Business Partners, Risk Partners, and the Procurement Team.
• Coordinating and managing ongoing Third-Party risk assessments on set schedules, including completion of the Inherent Risk Questionnaire and Vendor Risk Questionnaire.
• Responding to requests from customers for information on our security measures.
• Reviewing security clauses in customer and vendor contracts.
• Support in the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with IT and cybersecurity policies/standards.
• Maintaining corporate customer question and answer database.
• Coordinating responses to customers (monthly/quarterly updates) as required by contract.
• Producing and maintaining customer security reference materials.
• Coordinating audit responses and evidence with key stakeholders.
• Producing internal security reports including gathering key statistics.
• Performing other related duties as assigned.

Other Related Functions
• Analytical problem solver who is highly organized and pays close attention to detail.
• Strong written and verbal communication skills; ability to effectively communicate and obtain on board at all levels of the organization and with internal team members across the business.
• Ability to work efficiently with minimal direction and/or oversight as well as part of multiple project teams simultaneously.

Qualifications:
Education/Training
High School or GED

Licensure/Certification
Preferred:
• Cyber Risk Certifications (CISA, CISM, CRISC, CISSP)

Experience
A minimum of 1 year of work experience in a third-party risk management, information security, risk management and/or IT audit role.
Knowledge of the NIST Risk Management Framework (RMF) standards.
