Sr Information Security Risk Analyst - Hybrid
Bring your drive for excellence, teamwork, and customer commitment to Independence. Join us as we renew and reimagine the future of health care. Together we will achieve our mission to enhance the health and well-being of the people and communities we serve.
We are seeking a highly motivated and experienced Information Security Governance, Risk, and Compliance (GRC) Analyst to lead and support key security and compliance initiatives. This role is critical to maintaining our strong security posture, driving risk management efforts, and ensuring alignment with relevant frameworks and certifications.
Position Summary:
The Lead Information Security GRC Analyst will take ownership of managing and directing major audit and certification programs, such as SOC 2 and HITRUST, while overseeing risk management activities and ensuring compliance with information security frameworks and regulatory requirements. The ideal candidate will bring a strong audit background, ideally from a Big 4 or other leading audit firm, and demonstrate a solid understanding of control design, testing, and compliance best practices.
This role requires strong organizational skills, attention to detail, and the ability to collaborate with internal teams and external auditors. The analyst will act as a hands-on leader, providing expertise and direction while ensuring the successful execution of key compliance and risk initiatives.
Key Responsibilities:
- Lead and manage SOC 2 audits, including planning, coordinating with control owners and auditors, and ensuring timely completion of all requirements.
- Oversee the HITRUST certification process, collaborating with internal teams and external assessors to maintain compliance and address changes as needed.
- Drive risk management efforts including maintaining a risk register.
- Ensure compliance with relevant security frameworks and standards, such as NIST CSF and HITRUST, as well as regulatory requirements including HIPAA/HITECH and PCI DSS.
- Act as the primary point of contact for auditors, subject matter experts, and control owners, fostering collaboration and resolving issues as they arise.
- Report on the status of audits, certifications, and risk management efforts to leadership, highlighting risks and recommending solutions.
Qualifications:
- Bachelor's degree in Information Security, IT, Business Administration, or a related field; relevant certifications (e.g., CISA, CISSP, HITRUST CCSFP) are a plus.
- 3+ years of experience in information security, IT audit, or GRC roles, with a strong preference for candidates with Big 4 or large firm audit experience.
- Strong understanding of audit processes, control design, testing, and compliance frameworks.
- Familiarity with security frameworks (NIST CSF, HITRUST, ISO 27001) and regulatory requirements (HIPAA, PCI DSS, GDPR).
- Experience with GRC tools and platforms, and an ability to drive risk management processes.
- Exceptional organizational, communication, and problem-solving skills.
- Self-motivated and confident in leading complex projects with minimal supervision.
Hybrid
Independence has implemented a “Hybrid” model which consists of Associates working in the office 3 days a week (Tuesday, Wednesday & Thursday) and remotely 2 days a week (Monday & Friday). This role is designated as a role that fits into the “Hybrid” model. While associates may work remotely on our designated remote days, the work must be performed in the Tri-State Area of Delaware, New Jersey or Pennsylvania.
IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability.
Must have an Android or iOS device which is compatible with the free Microsoft Authenticator app.
Inclusion and Belonging
At IBX, everyone can feel valued, supported, and comfortable to be themselves, and all associates have a fair opportunity to achieve their full potential. We put these principles into action every day by acting with integrity and respect. Celebrating and embracing diverse thoughts and perspectives that make up our workforce means our company is more vibrant, innovative, and better able to support the people and communities we serve.
About Our Company
Serving more than 8 million people nationwide, including 2.5 million in southeastern Pennsylvania, Independence Health Group — together with its subsidiaries — is the leading health insurance organization in the Philadelphia region. Our mission to build healthier lives for you, your family, and your employees shapes our actions and decisions every day.
At Independence, we see each of our members as an individual, with unique needs and concerns. We’re dedicated to harnessing the very latest ideas and technologies to deliver access to care that meets those needs and surpasses your expectations. For more information about Independence access our website at www.ibx.com. We’re revolutionizing health care, and our focus is on you!
Equal Employment Opportunity
IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability.
Agency Disclaimer
All resumes submitted directly to an Independence Blue Cross employee from a vendor via email, the Internet or in any other form without a valid written search agreement in place for this position from the Independence Blue Cross Family of Companies Human Resources Department will be deemed the sole property of Independence Blue Cross and the Independence Blue Cross Family of Companies. Please note that no fee will be paid in the event the candidate is hired by Independence Blue Cross or the Independence Blue Cross Family of Companies as a result of the referral or through means other than our established process.