IS Security GRC Analyst jobs in United States
cer-icon
Apply on Employer Site
company-logo

Brown University Health · 2 months ago

IS Security GRC Analyst

positionProvidence, RI
timeFull-time
remoteOnsite
senioritySenior Level, Lead/Staff
money$114K/yr - $187K/yr
date10+ years exp

Brown University Health is seeking an IS Security Governance, Risk & Compliance (GRC) Analyst who will be a critical member of the Chief Information Security Officer's team. The role is responsible for developing and implementing security governance frameworks, managing security metrics, conducting vendor risk assessments, and ensuring compliance with regulatory requirements.

EducationHealth CareMedicalUniversities
check
H1B Sponsor Likelynote

Responsibilities

Develop, review, and update information security policies, procedures, and standards to reflect best practices, regulatory requirements, and evolving threats
Monitor regulatory changes and industry trends to ensure ongoing compliance and policy relevance
Maintain crosswalks between organization policies and regulatory standards
Assist in ensuring compliance with relevant regulatory standards, including HIPAA, HITECH, PCI-DSS, NIST, and other applicable frameworks
Design and implement metrics to measure the effectiveness of the information security program, including incident trends, security stack deployment, and risk levels
Develop dashboards and reports for senior management, detailing the status of the information security program and highlighting areas for improvement
Continuously refine metrics to provide meaningful insights into the organization’s security posture
Facilitate the process for security policy exceptions, including reviewing requests, meeting with business owners, assessing risk, and documenting approvals
Ensure that exception requests are properly tracked, periodically reviewed, and managed according to organizational policies
Conduct and/or oversee vendor security risk assessments, evaluating third-party practices for alignment with the organization’s security requirements
Monitor and reassess vendor risks regularly to account for changes in services, technology, or vendor practices
Identify opportunities for improvement in governance, risk, and compliance practices, recommending updates to processes and controls
Stay current with emerging security risks, regulatory requirements, and best practices to ensure the ongoing effectiveness of the GRC program
Provides expert level guidance to IT staff and the business regarding all Information Security policies, standards, processes, and procedures
Works with various infrastructure teams and business units to ensure policy compliance and adherence to security best practices
Participates in security projects and provides expert guidance on security policy, process, and procedures for other IT projects
Attends various IT meetings that require an IS Security representative
Participates in compliance / audit activities as requested by internal and external auditors
Supports Brown University Health’s Legal e-discovery processes to include identification, collection, preservation and processing of relevant data
Manages Governance, Risk and Compliance platform
Maintains work effort status within SLA’s on Brown University Health’s Service Desk and Task Management Platforms
Performs other duties as assigned

Qualification

Information Security GovernanceRisk ManagementCompliance StandardsSecurity Metrics DevelopmentVendor Risk AssessmentsSecurity FrameworksPolicy ManagementO365 ProficiencyIndependent ActionCommunicationTeam Collaboration

Required

A minimum of 10 years of IS experience, with 5 years in an information security role
A bachelor's degree in information systems or equivalent work experience; an M.B.A. or M.S. in information security is preferred
Certifications Required (3 or more – Security+, CCSP, CISA, CISM, CRISC, CISSP, GIAC, Network+, ITIL, Project+)
Strong understanding of regulatory requirements, security frameworks, and risk management methodologies (e.g., HIPAA, HITECH, NIST, ISO 27001)
Experience with security metrics development, policy management, vendor risk assessments, and risk register maintenance
Excellent written and verbal communication skills, with the ability to present complex security concepts to diverse audiences
Working knowledge of IT/network and cloud architectures sufficient to map controls, evidence, and risks
Proficiency with O365; advanced Excel and Power BI for dashboards; Visio for process & control maps
Strong written and verbal communication skills
Ability to communicate security guidance to a non-technical audience
Experience in developing, documenting, and maintaining security policies, processes, procedures, and standards

Company

Brown University Health

twittertwittertwitter
company-logo
Brown University Health provides an integrated academic health system offering hospital services, outpatient care and clinical education.
dateFounded in 1994
location
Providence, Rhode Island, USA
people-size10001+ employees
web-link
https://www.brownhealth.org

H1B Sponsorship

Brown University Health has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (3)
2024 (2)
2022 (3)
2021 (1)

Funding

Current Stage
Late Stage

Recent News

Providence Business News
Brown Health appoints Ventetuolo as head of pulmonary, critical care and sleep medicine
2025-12-30
Providence Business News
Brown Health reaches $50M loan agreement with Citizens Bank
2025-12-24
Providence Business News
Five Questions With: Dr. Theresa Williamson
2025-12-24
Company data provided by crunchbase