Brown University Health
Join to apply for the
IS Security GRC Analyst
role at
Brown University Health
The IS Security Governance, Risk & Compliance (GRC) Analyst is a critical member of the Chief Information Security Officer's (CISO's) team and reports to the Director of Information Security. The IS Security GRC Analyst plays a pivotal role in the Information Security team, driving the development and implementation of the organization’s security governance framework. This position is responsible for creating and managing security metrics, facilitating exception requests, conducting vendor security risk assessments, and maintaining key documentation such as information security policies and the risk register. The role ensures that the healthcare organization maintains compliance with regulatory requirements, industry standards, and internal policies while proactively managing security risks.
Principal Duties & Responsibilities
Brown University Health employees are expected to successfully role model the organization’s values of Compassion, Accountability, Respect, and Excellence.
Develop, review, and update information security policies, procedures, and standards to reflect best practices, regulatory requirements, and evolving threats.
Monitor regulatory changes and industry trends to ensure ongoing compliance and policy relevance.
Maintain crosswalks between organization policies and regulatory standards.
Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST
Design and implement metrics to measure the effectiveness of the information security program, including incident trends, security stack deployment, and risk levels.
Develop dashboards and reports for senior management, detailing the status of the information security program and highlighting areas for improvement.
Facilitate the process for security policy exceptions, including reviewing requests, meeting with business owners, assessing risk, and documenting approvals.
Conduct and/or oversee vendor security risk assessments, evaluating third-party practices for alignment with the organization’s security requirements.
Identify opportunities for improvement in governance, risk, and compliance practices, recommending updates to processes and controls.
Provide expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures.
Work with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.
Participate in security projects and provide expert guidance on security policy, process, and procedures for other IT projects.
Attend various IT meetings that require an IS Security representative.
Participate in compliance / audit activities as requested by internal and external auditors.
Support Brown University Health’s Legal e‑discovery processes to include identification, collection, preservation, and processing of relevant data.
Manage Governance, Risk and Compliance platform.
Maintain work effort status within SLA’s on Brown University Health’s Service Desk and Task Management Platforms.
Perform other duties as assigned.
Experience
A minimum of 10 years of IS experience, with 5 years in an information security role.
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
Certifications (3 or more – Security+, CCSP, CISA, CISM, CRISC, CISSP, GIAC, Network+, ITIL, Project+)
Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001).
Experience with security metrics development, policy management, vendor risk assessments, and risk register maintenance.
Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences.
Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks.
Proficiency with O365; advanced Excel and Power BI for dashboards; Visio for process & control maps.
Strong written and verbal communication skills.
Ability to communicate security guidance to a non‑technical audience.
Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
Independent Action Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements. Refers unresolved complex issues to director where clarification of department policies and procedures may be required.
Supervisory Responsibilities None.
Pay Range $113,519.22 - $187,305.66
EEO Statement Brown University Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran, or marital status. Brown University Health is a VEVRAA Federal Contractor.
Location BHCS 15 LaSalle Square - 15 LaSalle Square Providence, Rhode Island 02903
Work Type M-F 8:00am-4:30pm
Work Shift Day
Daily Hours 8 hours
Driving Required Yes
Seniority level Mid-senior level
Employment type Full‑time
Job function Information Technology
Industries Hospitals and Health Care
#J-18808-Ljbffr
IS Security GRC Analyst
role at
Brown University Health
The IS Security Governance, Risk & Compliance (GRC) Analyst is a critical member of the Chief Information Security Officer's (CISO's) team and reports to the Director of Information Security. The IS Security GRC Analyst plays a pivotal role in the Information Security team, driving the development and implementation of the organization’s security governance framework. This position is responsible for creating and managing security metrics, facilitating exception requests, conducting vendor security risk assessments, and maintaining key documentation such as information security policies and the risk register. The role ensures that the healthcare organization maintains compliance with regulatory requirements, industry standards, and internal policies while proactively managing security risks.
Principal Duties & Responsibilities
Brown University Health employees are expected to successfully role model the organization’s values of Compassion, Accountability, Respect, and Excellence.
Develop, review, and update information security policies, procedures, and standards to reflect best practices, regulatory requirements, and evolving threats.
Monitor regulatory changes and industry trends to ensure ongoing compliance and policy relevance.
Maintain crosswalks between organization policies and regulatory standards.
Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST
Design and implement metrics to measure the effectiveness of the information security program, including incident trends, security stack deployment, and risk levels.
Develop dashboards and reports for senior management, detailing the status of the information security program and highlighting areas for improvement.
Facilitate the process for security policy exceptions, including reviewing requests, meeting with business owners, assessing risk, and documenting approvals.
Conduct and/or oversee vendor security risk assessments, evaluating third-party practices for alignment with the organization’s security requirements.
Identify opportunities for improvement in governance, risk, and compliance practices, recommending updates to processes and controls.
Provide expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures.
Work with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices.
Participate in security projects and provide expert guidance on security policy, process, and procedures for other IT projects.
Attend various IT meetings that require an IS Security representative.
Participate in compliance / audit activities as requested by internal and external auditors.
Support Brown University Health’s Legal e‑discovery processes to include identification, collection, preservation, and processing of relevant data.
Manage Governance, Risk and Compliance platform.
Maintain work effort status within SLA’s on Brown University Health’s Service Desk and Task Management Platforms.
Perform other duties as assigned.
Experience
A minimum of 10 years of IS experience, with 5 years in an information security role.
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred.
Certifications (3 or more – Security+, CCSP, CISA, CISM, CRISC, CISSP, GIAC, Network+, ITIL, Project+)
Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001).
Experience with security metrics development, policy management, vendor risk assessments, and risk register maintenance.
Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences.
Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks.
Proficiency with O365; advanced Excel and Power BI for dashboards; Visio for process & control maps.
Strong written and verbal communication skills.
Ability to communicate security guidance to a non‑technical audience.
Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards.
Independent Action Functions independently within departmental policies and practices. Must be able to work independently in a manner to achieve goals, objectives and productivity requirements. Refers unresolved complex issues to director where clarification of department policies and procedures may be required.
Supervisory Responsibilities None.
Pay Range $113,519.22 - $187,305.66
EEO Statement Brown University Health is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, ethnicity, sexual orientation, ancestry, genetics, gender identity or expression, disability, protected veteran, or marital status. Brown University Health is a VEVRAA Federal Contractor.
Location BHCS 15 LaSalle Square - 15 LaSalle Square Providence, Rhode Island 02903
Work Type M-F 8:00am-4:30pm
Work Shift Day
Daily Hours 8 hours
Driving Required Yes
Seniority level Mid-senior level
Employment type Full‑time
Job function Information Technology
Industries Hospitals and Health Care
#J-18808-Ljbffr