Medical University of South Carolina
Information Security GRC Analyst II - Information Solutions (Remote)
Medical University of South Carolina, Columbia, South Carolina, United States
Overview
The Information Security GRC Analyst II reports to an Information Security Manager or Information Security Team Leader. Under indirect supervision, the Information Security GRC Analyst II provides governance, risk management, and compliance functions to enable safe and secure information services to support the academic, research, and healthcare missions of MUSC. This position helps design, implement, manage, and monitor technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization's information assets.
Entity: Medical University Hospital Authority (MUHA)
Worker Type: Employee
Worker Sub-Type: Regular
Cost Center: CC002271 SYS - IS Cyber Operations
Pay Rate Type: Salary
Pay Grade: Health-27
Scheduled Weekly Hours: 40
Work Shift:
Job Description
Primary Responsibilities
Governance
- Develop, maintain, and communicate information security policies, standards, procedures, and guidelines in alignment with organizational objectives and regulatory requirements
- Support the information security governance framework and participate in security steering committees
- Maintain comprehensive documentation of security controls, processes, and procedures
- Coordinate security program initiatives and track remediation efforts across departments
- Facilitate security review processes for new technologies, systems, and business initiatives
Risk Management
- Conduct information security risk assessments and business impact analyses for systems, applications, and business processes
- Identify, analyze, and evaluate security risks to information assets using quantitative and qualitative methodologies
- Develop risk treatment plans and track risk mitigation activities to completion
- Maintain the information security risk register and provide regular risk reporting to leadership and stakeholders
- Support third-party vendor risk assessments and ongoing vendor management activities
- Participate in change advisory boards to assess security risks of proposed changes
Compliance
- Monitor and assess compliance with applicable regulations including HIPAA/HITECH, FERPA, PCI-DSS, and other relevant frameworks
- Coordinate and support internal and external audits and assessments
- Conduct gap analyses against regulatory requirements and industry frameworks including NIST Cybersecurity Framework 2.0
- Track and report on compliance metrics, control effectiveness, and key performance indicators
- Develop and implement remediation plans for compliance deficiencies
- Support incident response activities with a focus on regulatory reporting and breach notification requirements
- Maintain evidence of compliance for audit purposes
Additional Job Description
REQUIRED EDUCATION/SKILLS/WORK EXPERIENCE:
- Bachelor's degree in information security, information assurance, computer science, cybersecurity, risk management, or a related field required
- Minimum 2 years of IT security experience with a Bachelor's degree, OR 4-7 years of hands-on experience in information security, GRC, compliance, audit, or related IT experience
Required Skills and Knowledge
- Advanced analytical and problem-solving skills with the ability to assess complex security and compliance issues
- Solid understanding of information security risk concepts, principles, and assessment methodologies
- Experience with security and compliance frameworks including one or more of: ISO 27000 series, HIPAA/HITECH, FERPA, PCI-DSS, and NIST/FISMA frameworks
- Strong written and verbal communication skills with the ability to communicate technical concepts to non-technical stakeholders
- Ability to work independently and collaboratively across multiple departments and teams
- Proficiency with GRC tools, risk assessment methodologies, and compliance tracking systems
Preferred Qualifications
- Strong familiarity with compliance requirements affecting academic medical centers
- Knowledge of NIST Cybersecurity Framework 2.0 and NIST SP 800-53 controls
- Experience conducting risk assessments in healthcare or higher education environments
- Experience with GRC platforms (e.g., ServiceNow GRC or similar)
- Advanced level certifications such as: CISSP, CCSP, or SSCP (ISC2); GIAC Security Essentials (GSEC); Healthcare Information Security and Privacy Practitioner (HCISPP)
Physical Requirements
Mobility & Posture
Standing: Continuous
Sitting: Continuous
Walking: Continuous
Climbing stairs: Infrequent
Working indoors: Continuous
Working outdoors (temperature extremes): Infrequent
Working from elevated areas: Frequent
Working in confined/cramped spaces: Frequent
Kneeling: Infrequent
Bending at the waist: Continuous
Twisting at the waist: Frequent
Squatting: Frequent
Manual Dexterity & Strength
Pinching operations: Frequent
Gross motor use (fingers/hands): Continuous
Firm grasping (fingers/hands): Continuous
Fine manipulation (fingers/hands): Continuous
Reaching overhead: Frequent
Reaching in all directions: Continuous
Repetitive motion (hands/wrists/elbows/shoulders): Continuous
Full use of both legs: Continuous
Balance & coordination (lower extremities): Frequent
Lifting & Force Requirements
Lift/carry 50 lbs. unassisted: Infrequent
Lift/lower 50 lbs. from floor to 36": Infrequent
Lift up to 25 lbs. overhead: Infrequent
Exert up to 50 lbs. of force: Frequent
Examples:
- Transfer 100 lb. non-ambulatory patient = 50 lbs. force
- Push 400 lb. patient in wheelchair on carpet = 20 lbs. force
- Push patient stretcher one-handed = 25 lbs. force
Vision & Sensory
Maintain corrected vision 20/40 (one or both eyes): Continuous
Recognize objects (near/far): Continuous
Color discrimination: Continuous
Depth perception: Continuous
Peripheral vision: Continuous
Hearing acuity (with correction): Continuous
Tactile sensory function: Continuous
Gross motor with fine motor coordination: Continuous
Selected Positions:
Olfactory (smell) function: Continuous
Respirator use qualification: Continuous
Work Environment & Conditions
Effective stress management: Continuous
Rotating shifts: Frequent
Overtime as required: Frequent
Latex-safe environment: Continuous
Note: If you like working with energetic, enthusiastic individuals, you will enjoy your career with us!
The Medical University of South Carolina is an Equal Opportunity Employer. MUSC does not discriminate on the basis of race, color, religion or belief, age, sex, national origin, gender identity, sexual orientation, disability, protected veteran status, family or parental status, or any other status protected by state laws and/or federal regulations. All qualified applicants are encouraged to apply and will receive consideration for employment based upon applicable qualifications, merit and business need.
Medical University of South Carolina participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, see http://www.uscis.gov/e-verify/employees (URL provided for reference only).