IT/IS GRC Consultant

Benefits

Additional Information

At HCSC, our employees are the cornerstone of our business and the foundation to our success. We empower employees with curated development plans that foster growth and promote rewarding, fulfilling careers. Join HCSC and be part of a purpose-driven company that will invest in your professional development. Job Summary This position is responsible for the governance, architecture, implementation, and enforcement of Information Technology (IT) and Information Security (IS) policies, standards, and procedures to ensure the confidentiality, integrity, and availability of enterprise systems, applications, data, and information resources. The role oversees the analysis, tracking, and remediation of IT and IS policy exceptions, assessment findings, and internal or external risk assessments. The position establishes, maintains, and enforces security baseline requirements across critical technology domains, including but not limited to network security (segmentation, firewalls, secure configurations), identity and access management (multi-factor authentication, least privilege, privileged access controls), endpoint security (hardening standards, endpoint detection and response), data protection (encryption, data classification), and resilience controls such as secure, immutable, and tested backup and recovery capabilities. These requirements are defined in accordance with ISO and NIST control objectives and are regularly assessed for effectiveness. The position maintains continuous awareness of emerging technologies, cybersecurity threats, regulatory requirements, and industry best practices, and provides strategic recommendations for the adoption or modification of technologies, controls, processes, and policies as appropriate. It proactively identifies gaps or deficiencies in existing IT and IS governance frameworks and leads the development or revision of policies, standards, and procedures to address evolving business needs, technology advancements, and future organizational growth. The role conducts and presents risk summaries, metrics, executive briefings, and formal reports to management, advising on material IT and information security risks that may impact business objectives, operational resilience, or regulatory compliance. It collaborates closely with enterprise stakeholders and contributes risk intelligence and control evaluation results to the Enterprise Risk Management (ERM) program. Additionally, the position evaluates and recommends IT and information security products, services, and processes to mitigate identified risks and ensure compliance with applicable corporate policies, contractual obligations, laws, and regulatory mandates. It implements and supports IT and information security awareness and training programs, delivering education on security policies, standards, controls, and best practices across the organization. The role partners with subject matter experts (SMEs) to develop and document corrective action and remediation plans, and monitors remediation progress. It serves as a project lead and mentor to junior GRC team members and may lead cross-functional initiatives, functional teams, or compliance-related projects as required. Required Job Qualifications: * Bachelor Degree and 4 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration or 8 years of IT / IS work experience with a broad range of exposure to systems analysis, application development, database design and administration. * Understand IT / IS concepts and how to artciulate those in terms of risk.Interprets internal or external business issues and concepts and and can translate those into IT concepts that must be addressed via policy. * Understand key IT / IS laws and regulations, such as the Health Insurance Portability and Accountability Act, as well as governance and compliance frameworks (e.g. NIST, COBIT, ITIL, HITRUST). * Experience with audit and compliance controls. This could include previous IT auditing experience and / or technical controls implementation, as well as the ability to respond apprpriately to audit and assessment findings. * Initiate and invoke creativity to solve complex problems; takes an "outside -in"perspective to identify innovative solutions * Collaborate well with individuals across the business and IT, as well as at all levels of the organization. Verbal and written communication skills, including the ability to articulate complex concepts to various technical and non-technical audiences. * Experience with and understanding of overall GRC concepts. * Work independently, with guidance in only the most complex situations. * May lead functional teams or projects. Preferred Job Qualifications: * Bachelor Degree in Computer Science, Information Systems, or other related field. * Experience with a GRC solution. Are you being referred to one of our roles? If so, ask your connection at HCSC about our Emp