Medical University of South Carolina

Compensation

Full Description

Job Description Summary The Information Security GRC Analyst II reports to an Information Security Manager or Information Security Team Leader. Under indirect supervision, the Information Security GRC Analyst II provides governance, risk management, and compliance functions to enable safe and secure information services to support the academic, research, and healthcare missions of MUSC. This position helps design, implement, manage, and monitor technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization's information assets. Entity Medical University Hospital Authority (MUHA) Worker Type Employee Worker Sub-Type Regular Cost Center CC002271 SYS - IS Cyber Operations Pay Rate Type Salary Pay Grade Health-27 Scheduled Weekly Hours 40 Work Shift Job Description The Information Security GRC Analyst II reports to an Information Security Manager or Information Security Team Leader. Under indirect supervision, the Information Security GRC Analyst II provides governance, risk management, and compliance functions to enable safe and secure information services to support the academic, research, and healthcare missions of MUSC. This position helps design, implement, manage, and monitor technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization's information assets. PRIMARY RESPONSIBILITIES: Governance: Develop, maintain, and communicate information security policies, standards, procedures, and guidelines in alignment with organizational objectives and regulatory requirements Support the information security governance framework and participate in security steering committees Maintain comprehensive documentation of security controls, processes, and procedures Coordinate security program initiatives and track remediation efforts across departments Facilitate security review processes for new technologies, systems, and business initiatives Risk Management: Conduct information security risk assessments and business impact analyses for systems, applications, and business processes Identify, analyze, and evaluate security risks to information assets using quantitative and qualitative methodologies Develop risk treatment plans and track risk mitigation activities to completion Maintain the information security risk register and provide regular risk reporting to leadership and stakeholders Support third-party vendor risk assessments and ongoing vendor management activities Participate in change advisory boards to assess security risks of proposed changes Compliance: Monitor and assess compliance with applicable regulations including HIPAA/HITECH, FERPA, PCI-DSS, and other relevant frameworks Coordinate and support internal and external audits and assessments Conduct gap analyses against regulatory requirements and industry frameworks including NIST Cybersecurity Framework 2.0 Track and report on compliance metrics, control effectiveness, and key performance indicators Develop and implement remediation plans for compliance deficiencies Support incident response activities with a focus on regulatory reporting and breach notification requirements Maintain evidence of compliance for audit purposes Additional Job Description REQUIRED EDUCATION/SKILLS/WORK EXPERIENCE: Bachelor's degree in information security, information assurance, computer science, cybersecurity, risk management, or a related field required Minimum 2 years of IT security experience with a Bachelor's degree, OR 4-7 years of hands-on experience in information security, GRC, compliance, audit, or related IT experience Required Skills and Knowledge: Advanced analytical and problem-solving skills with the ability to assess complex security and compliance issues Solid understanding of information security risk concepts, principles, and assessment methodologies Experience with security and compliance frameworks including one or more of: ISO 27000 series, HIPAA/HITECH, FERPA, PCI-DSS, and NIST/FISMA frameworks Strong written and verbal communication skills with the ability to communicate technical concepts to non-technical stakeholders Ability to work independently and collaboratively across multiple departments and teams Proficiency with GRC tools, risk assessment methodologies, and compliance tracking systems Preferred Qualifications: Strong familiarity with compliance requirements affecting academic medical centers Knowledge of NIST Cybersecurity Framework 2.0 and NIST SP 800-53 controls Experience conducting risk assessments in healthcare or higher education environments Experience with GRC platforms (e.g., ServiceNow GRC or similar) Advanced level certifications such as: CISSP, CCSP, or SSCP (ISC²) GIAC Security Essentials (GSEC) Healthcare Information Security and Privacy Practitioner (HCISPP) Physical Requirements Mobility & Posture Standing: Continuous Sitting: Continuous Walking: Continuous Climbing stairs: Infrequent Working indoors: Continuous Working outdoors (temperature extremes): Infrequent Working from elevated areas: Frequent Working in confined/cramped spaces: Frequent Kneeling: Infrequent Bending at the waist: Continuous Twisting at the waist: Frequent Squatting: Frequent Manual Dexterity & Strength Pinching operations: Frequent Gross motor use (fingers/hands): Continuous Firm grasping (fingers/hands): Continuous Fine manipulation (fingers/hands): Continuous Reaching overhead: Frequent Reaching in all directions: Continuous Repetitive motion (hands/wrists/elbows/shoulders): Continuous Full use of both legs: Continuous Balance & coordination (lower extremities): Frequent Lifting & Force Requirements Lift/carry 50 lbs. unassisted: Infrequent Lift/lower 50 lbs. from floor to 36”: Infrequent Lift up to 25 lbs. overhead: Infrequent Exert up to 50 lbs. of force: Frequent Examples: Transfer 100 lb. non-ambulatory patient = 50 lbs. force Push 400 lb. patient in wheelchair on carpet = 20 lbs. force Push patient stretcher one-handed = 25 lbs. force Vision & Sensory Maintain corrected vision 20/40 (one or both eyes): Continuous Recognize objects (near/far): Continuous Color discrimination: Continuous Depth perception: Continuous Peripheral vision: Continuous Hearing acuity (with correction): Continuous Tactile sensory function: Continuous Gross motor with fine motor coordination: Continuous Selected Positions: Olfactory (smell) function: Continuous Respirator use qualification: Continuous Work Environment & Conditions Effective stress management: Continuous Rotating shifts: Frequent Overtime as required: Frequent Latex-safe environment: Continuous If you like working with energetic enthusiastic individuals, you will enjoy your career with us! The Medical University of South Carolina is an Equal Opportunity Employer. MUSC does not discriminate on the basis of race, color, religion or belief, age, sex, national origin, gender identity, sexual orientation, disability, protected veteran status, family or parental status, or any other status protected by state laws and/or federal regulations. All qualified applicants are encouraged to apply and will receive consideration for employment based upon applicable qualifications, merit and business need. Medical University of South Carolina participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: http://www.uscis.gov/e-verify/employees Thank you for wanting to be part of the Medical University of South Carolina team. Whether you want to teach the next generation of health care leaders, innovate new business models, discover the next breakthrough or provide patient care, there's a role for you that fuels your passion and takes advantage of your skills. There are career opportunities available in academics, research, hospital medicine, physician practices and support services, from patient billing to IT. As an applicant, you can search jobs for all MUSC entities as well as search by category and location. MUSC attracts more than $250 million annually in research funding, making it the biggest magnet for biomedical, extramural research dollars of all institutions of higher learning in South Carolina. The Clinical and Translational Science Award (CTSA) Program aims to advance clinical and translational science to increase the speed at which new treatments become available to patients. MUSC Health, the clinical enterprise, operates a 750 bed medical center, which includes a nationally recognized Children’s Hospital, the Ashley River Tower (cardiovascular, digestive disease, and surgical oncology), Hollings Cancer Center (one of fewer than 70 elite National Cancer Institute designated centers), a Level I Trauma Center and the Institute of Psychiatry. In addition, there are more than 100 outreach clinics, hospital/health system affiliations, and telehealth sites. U.S. News & World Report placed us among the top one percent of all American hospitals, with 11 specialties in the top 50. The MUSC Medical Center is also one of only three Magnet® designated hospitals in South Carolina.