IT Governance, Risk & Compliance (GRC) Analyst
Imagine a workplace that encourages you to interpret, innovate and inspire. Our employees do just that by helping healthcare payers manage the cost of care, improve competitiveness and inspire positive change. You can be part of an established company with a 40-year legacy that helps our customers thrive by interpreting our client's needs and tailoring innovative healthcare cost management solutions.
Our commitment to diversity, inclusion and belonging is part of the fabric of our company. We strive to create a workplace that fosters mutual respect and collaboration, where every talented individual can participate and perform their best work. We are MultiPlan and we are where bright people come to shine!
We are currently seeking an experienced IT Governance, Risk & Compliance Analyst to work in either our New York City or Naperville, IL office. We offer competitive compensation and fantastic benefits, as well as a collegial workplace in a business-casual dress environment. You’ll also find plenty of options for professional development and advancement with us. If this sounds like the kind of career move you’ve been wanting to make, and if you meet our qualifications, we want to talk with you!
Please note: our offices are currently closed due to the pandemic and our employees are working from home. Once our offices reopen, this position will transition to working in either our NYC office or Naperville, IL office.
As an IT Governance, Risk & Compliance Analyst, you will play a key technical role in the maintenance, configuration and support of the organization’s Governance, Risk and Compliance (GRC) system. You will regularly support the education, establishment, and maintenance of GRC tables/workflows and aid in the coordination of audit and regulatory compliance projects. Additionally, you will assist in maintaining risk management processes (i.e., open risks, risk register, corrective action plans) that govern the information security program. The role will also require you to play an integral role in the development and maintenance of the organization’s third-party program to meet security goals while remaining aligned with client and regulatory requirements.
Your specific duties in this role will include:
1. Support company’s GRC platform in various capacities, including but not limited to:
• Create/modify/remove system tables
• Create/modify/remove workflows
• Add/remove/modify Users, Security Roles, Groups and process requests for access
• Organize and schedule training sessions (Overview Training, New Advance User Training, Working Sessions)
• Troubleshoot and Triage User Issues via email, telephone, messaging and ticketing system
• Executive Report Generation
• Create Reports as requested by users and leadership team
• Maintenance of the GRC system including upgrades, patches and troubleshooting
2. Administer and provide regular application and system support for GRC
3. Analyze existing processes to identify inefficiencies and opportunities for improvement
4. Process change requests for modifications to the application configuration.
5. Manage projects to build new functionality, workflows, processes, and/or reporting in the application including requirements gathering, configuration, testing, deployment and user training
6. Develop and maintain all user documentation related to GRC, including user guides and system baselines
7. Participate in the development and maintenance of relationships with various business functions including internal audit and third party auditors.
8. Assist in internal and external audits and reviews of assigned business processes to evaluate adequacy of controls within IT and make recommendations for corrections of weaknesses, and improvements in IT operations.
9. Assist in risk analysis and management program by managing open risks, accepted risks (i.e., risk register) and corrective action plans (i.e., plan of actions and milestones: POAM)
10. Identify opportunities for strengthening IT security throughout the company.
11. Collaborate, coordinate and communicate across disciplines and departments
12. Ensure compliance with HIPAA regulations and requirements.
13. Demonstrate Company’s Core Competencies and values held within.
14. The position responsibilities outlined above are in no way to be construed as all encompassing. Other duties, responsibilities, and qualifications may be required and/or assigned as necessary.