Who are we? Versant Health is one of the nation’s leading administrators of managed vision care, serving millions of our clients’ members nationwide. We are driven by our mission to help members enjoy the wonders of sight through healthy eyes and vision. As a Versant Health associate, you can enjoy a comprehensive Total Rewards package, which includes health and dental insurance, tuition reimbursement, 401(k) with company match, pet insurance, no-arenaflex-to-you vision insurance for you and your qualified dependents. We are also invested in your success. There are many opportunities for advancement and development throughout all stages of your career with us. See how you can make a difference with the support of strong leadership and a team environment. See Everything, Be Anything™. What are we looking for? The Governance, Risk, and Compliance (GRC) Analyst is responsible for assisting the Director, Information Security (Governance, Risk, and Compliance) in executing strategic measures to manage and mitigate risks and reduce potential impacts on IT resources to an acceptable level to the business; apply compliance management by ensuring that the business attains its security control objectives by meeting legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved. Where you will have an impact • Maintain program trackers and controls performance for IT Security, ensuring that operational controls, procedures, and resources are documented effectively to manage risk across all enterprise assets including on-prem, COLO, and cloud resources IT Control Testing & Control Health • Complete assigned IT controls on pre-defined intervals (including ad hoc, daily, weekly, monthly, quarterly, and yearly), ensuring the health of all IT controls, and manages corrective action plans needed to address any control gaps, weaknesses, or failures • Contribute to compliance audits and assessments by delivering detailed documentation, supporting evidence, and insights related to IT risk management and control activities • Ensure customer compliance commitments are always met, and support all interactions with customer audits of our program • Ensure assigned policies and procedures meet audit requirements and periodically update deadlines • Conduct training and knowledge transfer on the execution of audit related control execution for end users and management • Support the analysis of complex systems, applications, and processes to evaluate security vulnerabilities and potential threats • Document the organization's IT assets, maintaining the integrity and confidentiality of sensitive information • Conduct comprehensive risk assessments of IT systems, networks, and applications to identify potential vulnerabilities and threats • Support the development of and oversee the execution of risk and exception mitigation strategies and action plans to address identified vulnerabilities and gaps in security controls • Provide expert guidance and recommendations on security governance best practices, configurations, and system hardening techniques • Participate in lessons learned to enhance GRC processes and prevent recurrence of exceptions • Collaborate with internal audit, legal, and compliance teams to address high-level risk-related inquiries, requests, and reporting requirements • Lead additional projects and perform other duties as assigned What’s necessary to do the job? • Bachelor's degree in related field required • An equivalent combination of experience and education will be considered in lieu of a bachelor's degree • Four (4) years of IT Security or Audit experience required • Experience in managing and accessing information security risks required • Detailed knowledge of HIPAA, NIST, PCI, HITRUST, SOC required • Experience with enterprise level identity management to support trusted interactions between disparate entities required • Healthcare experience preferred • CISSP, CISM, CRISC, or CISA preferred HIPAA & Security Requirements All Associates must comply with the Health Insurance Portability Accountability Act of 1996 (HIPAA) as it pertains to disclosures of protected health information (PHI) as described in the Notice of Privacy Practices and HIPAA Privacy Policies and Procedures. As a component of job roles and responsibilities, Associates may have access to covered information, cardholder data or other confidential customer information which must be protected at all times. As a result, Associates must explicitly adhere to all data security guidelines established within the Company’s Privacy & Security Training Program. Versant Health will never request money from candidates who seek employment with us and will never ask for any payment as part of the recruitment process. Versant Health is a proud Equal Employment Opportunity and Affirmative Action employer dedicated to attracting, retaining, and developing a diverse and inclusive workforce. All qualified applicants will receive consideration for employment at Versant Health without regards to race, color, religion, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, age, disability, national origin, marital or domestic/civil partnership status, genetic information, citizenship status, uniformed service member or veteran status, or any other characteristic protected by law. Apply tot his job