At MVP Health Care, we're on a mission to create a healthier future for everyone - which requires innovative thinking and continuous improvement. To achieve this, we're looking for a Cyber Security GRC Analyst to join #TeamMVP. If you have a passion for Cybersecurity, risk analytics, and working in a collaborative environment, this is the opportunity for you.

Full-Time, Exempt

What's in it for you:

• Growth opportunities to uplevel your career

• A people-centric culture embracing and celebrating diverse perspectives, backgrounds, and experiences within our team

• Competitive compensation and comprehensive benefits focused on well-being

• An opportunity to shape the future of health care by joining a team recognized as a Best Place to Work for and one of the Best Companies to Work For in New York

Qualifications you'll bring:

• Bachelor's Degree, or an equivalent combination of formal education and experience.
• The availability to work within NYS with the potential for occasional travel requirements.
• Working understanding of HIPAA compliance, requirements of all phases of Certification and Accreditation (C&A) and creating documentation in accordance with NIST guidance.
• Candidates should be well-versed in risk management, knowledge regarding SDLC, and perform in security tasks throughout.
• Candidates shall be well versed with NIST publications and other Health related publications and their requirements and impact on system security.
• Curiosity to foster innovation and pave the way for growth

• Humility to play as a team

• Commitment to being the difference for our customers in every interaction

Your key responsibilities:

• Develop, implement, and communicate IT and Corporate security policy, standards, best practices, guidance, and procedures
• Draft, review, and comment as needed on translating federal requirements into Department policies and requirements, including, but not limited to: NIST publications, DFS guidance and requirements, CMS and HIPAA.
• Implement HIPAA and HITRUST assessments and implement CSF framework controls to ensure compliance.
• Work with Risk Management team to ensure Business Continuance plans are up to date. Assist with regular table-top exercise.
• Support annual recertification of accounts - ensure new accounts have appropriate access and any inactive accounts are deactivated. Provide hands-on assistance to Business Units as necessary.
• Create Cybersecurity dashboard and presentations for Board Risk and Compliance Committee.
• Manage and maintain IT security Risk Register. Coordinate with Enterprise Risk Team to ensure all risks are tracked and actively worked on for remediation.
• Provide third party oversight including review of contracts, Business Associate Agreements, Information Security Questionnaires, and other artifacts such SOC2 and HITRUST reports.
• Contribute to our humble pursuit of excellence by performing various responsibilities that may arise, reflecting our collective goal of enhancing healthcare delivery and being the difference for the customer.

Where you'll be:

The ability to work within NYS with occasion travel as required.

• Headquarters Office, 625 State Street, Schenectady, New York, United States of America
• Rochester Office, 20 S. Clinton Ave, Rochester, New York, United States of America
• Tarrytown Office, 303 South Broadway, Tarrytown, New York, United States of America