Children's Health System of Texas

IT Security GRC Sr Specialist

Children's Health System of Texas, Dallas, Texas, United States, 75215

GRC Sr Specialist

The IT Security Governance, Risk & Compliance (GRC) Sr Specialist plays a critical role in ensuring that the organization adheres to healthcare regulations, mitigates risks, and maintains a robust compliance program. This individual will support governance, risk, and compliance initiatives by assessing regulatory requirements, identifying potential risks, and ensuring alignment with industry standards such as HIPAA, HITECH, NIST CSF, and other relevant frameworks. Additionally, this role serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team.

Responsibilities:

Governance:
Assist in developing, maintaining, and enforcing healthcare policies and procedures.
Support the implementation and management of governance frameworks, ensuring alignment with organizational objectives and healthcare regulations.
Collaborate with stakeholders to ensure compliance with applicable standards and best practices.

Risk Management:
Conduct risk assessments, including the identification, analysis, and prioritization of risks related to healthcare operations, IT systems, and third-party vendors.
Develop and maintain the organization's risk register and track remediation efforts.
Participate in incident response planning and tabletop exercises to improve organizational preparedness.

Compliance:
Monitor and ensure compliance with regulatory requirements such as HIPAA, HITECH, CMS guidelines, and state-specific healthcare laws.
Support audit and assessment processes, including preparing documentation, responding to audit requests, and implementing corrective actions.
Assist in managing third-party risk assessments, ensuring vendor compliance with healthcare security and privacy standards.

Reporting and Documentation:
Prepare and deliver compliance and risk reports to leadership, including metrics, dashboards, and key performance indicators (KPIs).
Maintain accurate documentation of compliance activities, risk assessments, and governance efforts.

Collaboration and Training:
Partner with internal teams (e.g., IT, Legal, Operations) to address compliance gaps and enhance security posture.
Provide training and awareness sessions to staff on healthcare compliance, risk management, and policy requirements.
Act as a liaison with external auditors, regulatory agencies, and third-party vendors.
Serves as a key resource and mentor for junior-level roles, providing guidance and expertise to foster skill development and support the overall effectiveness of the GRC team.

How You'll Be Successful:

Work Experience:
At least 3 years of experience in governance, risk and compliance roles, preferably in healthcare - required
Familiarity with healthcare regulations (HIPAA, HITECH, CMS) and industry standards (NIST, CSF, HITRUST, ISO 27001) - required

Education:
Four-year bachelor's degree or equivalent experience in Healthcare Administration, Information Security, Risk Management, or a related field - required
Graduate or professional work or advanced degree; or equivalent experience in GRC related field - preferred

Licenses and Certifications:
CHC, CISA, CCSFP, CISSP - preferred

A Place Where You Belong:
We put our people first. We welcome, value, and respect the beliefs, identities, and experiences of our patients and colleagues. We are committed to delivering culturally effective care, creating meaningful partnerships in the communities we serve, and equipping and developing our team members to make Children's Health a place where everyone can contribute.

Holistic Benefits
How We'll Care for You:
Employee portion of medical plan premiums are covered after 3 years.
4%-10% employee savings plan match based on tenure
Paid Parental Leave (up to 12 weeks)
Caregiver Leave
Adoption and surrogacy reimbursement

As an equal opportunity employer, Children's Health does not discriminate against employees or applicants because of race, color, religion, sex, gender identity and expression, sexual orientation, age, national origin, veteran or military status, disability, or genetic information or any other Federal or State legally-protected status or class. This applies to all aspects of the employer-employee relationship including but not limited to recruitment, hiring, promotion, transfer pay, training, discipline, workforce adjustments, termination, employee benefits, and any other employment-related activity.