Cyber Security GRC Specialist
Salary: $85,000 - $95,000
Location: Remote
Why Choose GMR?
Global Medical Response (GMR) and its family of solutions are dedicated to delivering compassionate, quality medical care, primarily in the areas of emergency and patient relocation services. Here you'll embark on meaningful work that will make an impact on you and the customers we service. View our employees' stories on how we provide care to the world at www.AtaMomentsNotice.com.
Job Summary:
The GMR Cyber Security Governance, Risk, and Compliance (GRC) Specialist will have a strong understanding of GRC concepts and solutions, and the ability to adapt to new technologies, processes, and policies. This individual will participate in planning, developing, implementing, and evaluating policies and procedures for GRC cyber security workstreams and projects. They will help document cyber security risks and associated remediation plans for security compliance, and support client and internal security risk assessment, contract review, vendor assessment, security exception processing and related project deliverables to IT partners, auditors, and stakeholders. This individual will have broad IT experience and familiarity with cybersecurity application and infrastructure concepts; experience in healthcare is strongly preferred.
Responsibilities:
- Execute activities to support GRC workstreams and related projects for internal and external security assessment, security vendor/supplier assessment, contract and security policy and risk evaluation and exceptions.
- Assist in performance of risk analyses and remediation requirements through activities such as the following:
- Respond to business and client assessment and audit requests
- Participate with Integration Management Office or others to respond to RFI/RFP requests
- Conduct research, document, and evaluate threats, risk impact, risk likelihood, and recommended remediation.
- Gather technical, administrative, physical security or other enterprise information related to threats, existing controls, and residual risks
- Perform Vendor Risk and Compliance assessments and communicate remediation requirements.
- Collaborate with business, legal, Privacy and Compliance, IT, client and other stakeholders to oversee review and provide security requirements and revisions for contracts, ISA, and BAA agreements.
- Partner to create and maintain GMR policies, standards and procedures to safeguard the integrity of and access to GMR systems, files, and data elements and communicate regulatory and security framework requirements.
- Analyze security policy compliance and development of information security policy exceptions including coordinating interviews, evidence collection and responses from appropriate subject matter experts, and approvals.
- Partner with GMR security engineers to evaluate and recommend information technology and information security products, services, and processes to reduce risk and maintain compliance with applicable policies, mandates, laws, and regulations.
- Maintain knowledge of changing technologies, and provide recommendations for adaptation of new technologies, processes, or policies.
- Assist in development and delivery of required information technology and security awareness training and annual updates for GMR Workforce.
- Provide GRC and information security expertise and functional delivery for projects, risk analysis, product, vendor RFI/RFP, IMO and regulatory or other initiatives aligned to other GMR organizations. Be the trusted champion of new security technologies.
- Support GMR audits and Privacy and Compliance programs and other compliance programs as applicable.
- Progress job knowledge by tracking and understanding emerging security practices and standards, maintaining credentials, participating in educational opportunities, reading professional publications, developing professional networks, and participating in professional organizations.
- May coordinate work of others, fostering teamwork and cooperation.
- Perform other security-related duties as assigned
Education/Licensing/Certification:
- Bachelor's degree in Computer Science, Information Security and Assurance, Risk Management, Information Systems, Security Engineering or related major. Four years of security related experience can be substituted.
- CISA, CISSP, or CRISC certification (or passing of test) is preferred.
Skills:
- Knowledge of IT Security Governance, Risk, and Compliance (GRC) concepts and ability to perform risk assessment evaluations.
- A broad-based understanding of Information Technology, Information Security, and Risk identification and evaluation that spans technical, administrative, physical, and operational security domains.
- Experience with related domains e.g. Disaster Recovery and Business Continuity, Audit preparation and response, and IT Security and Risk Training, or other.
- Ability to collaborate with individuals across business and IT domains, and at all levels of the organization.
- Interprets internal and external business requirements and issues and recommends best practices.
- Possesses strong analytical ability, consultative skills, strong judgment and the ability to work effectively in a cross-functional, multi-disciplinary, hybrid remote or in person team environment.
- Ability to adjust to changing priorities and multitask effectively.
- Ability to assess, comprehend, and communicate complex information including technical and compliance concepts.
- Requires strong verbal and written communication skills to effectively communicate with all levels of the organization.
- Proven ability to understand and develop expertise on new regulatory, compliance and security technologies quickly.
- Well organized with excellent follow up skills and proven ability to meet deadlines.
- Experience with metrics gathering and reporting processes
Minimum Required Qualifications
- A minimum of 2 years of experience related to areas of position responsibilities
- A minimum of 2 years information security work experience
- GRC Healthcare Industry experience strongly preferred
- Working knowledge of compliance frameworks, security and privacy management standards and related certifications e.g., NIST CSF, 800-171 and 800-53, FedRAMP, HIPAA, HITRUST, PCI DSS, IT General Controls (ITGC), SOC2, ISO 27001, COBIT or others
- Experience with Cloud based IT Security concepts and solutions
- Experience performing risk assessment tasks, and risk assessment platforms and tools e.g., Allgress, RSA Archer, CORL Toolkit, or other
- Exposure to Identity and Credential Access Management platforms, tools and concepts is helpful
EEO Statement
Global Medical Response and its family of companies are an Equal Opportunity Employer, which includes supporting veterans and providing reasonable accommodations for individuals with a disability. Check out our careers site benefits page to learn more about our comprehensive benefit options, which include medical, vision, dental, 401k, disability, FSA, HSA, EAP, vacation and paid time off.