Engineer - Cybersecurity GRC Specialist

What you can expect! 

Find joy in serving others with IEHP! We welcome you to join us in “healing and inspiring the human spirit” and to pivot from a “job” opportunity to an authentic experience!

The Engineer - Cybersecurity GRC Specialist is a mid-level position in Cybersecurity governance, risk, and compliance functions. This position is responsible for routine operation activities to assure that IEHP security program can demonstrate compliance with regulatory requirements and manage cyber risk properly to safeguard the company’s digital footprint. 

This position oversees security assessments, control testing, and regulatory compliance. Responsibilities include coordinating assessment functions, updating control matrices, recommending improvements, ensuring adherence to information security policies, and collaborating with auditors to safeguard protected data. Leadership in implementing the enterprise information security program through expertise in security analysis, risk assessments, awareness initiatives, and policy development is required.

Key Responsibilities:

1. Implement security controls, risk assessment framework, and compliance program aligning with regulatory requirements to advance business objectives.
2. Evaluate risks and develop security policies, procedures, and controls to manage risks and improve security positioning compliance with NIST cybersecurity framework, HIPAA, and PCI-DSS. 
3. Implement processes to automate monitoring of security controls, risks, testing, and develop reporting metrics and dashboards.
4. Define and document control ownership, schedule assessments, test control effectiveness, and create risk profile reports.
5. Engage and support stakeholders to implement privacy enhanced technologies to safeguard PII/PHI and other confidential information.
6. Participate and support ongoing GRC workstreams such as internal and external audits, risk assessments, incident response, exposure management, penetration testing, and social engineering tests.
7. Document control failures, provide remediation guidance, and prepare management reports tracking remediation activities.
8. Partner in governance, management, and oversight of all core security program functions.
9. Provide security communications and awareness training and guide other department or projects on security risk identification and remediation.
10. Remain current on best practices and act as technical resource for regulatory compliance.
11. Perform any other duties as required to ensure Health Plan operations and department business needs are successful.

Commitment to Quality: The IEHP Team is committed to incorporate IEHP’s Quality Program goals including, but not limited to, HEDIS, CAHPS, and NCQA Accreditation.

Perks

IEHP is not only committed to healing and inspiring the human spirit of our Members; we also aim to match our Team Members with the same energy by providing prime benefits and more 

• CalPERS retirement
• 457(b) option with a contribution match
• Generous paid time off- vacation, holidays, sick
• State of the art fitness center on-site
• Medical Insurance with Dental and Vision
• Paid life insurance for employees with additional options
• Short-term, and long-term disability options
• Pet care insurance
• Flexible Spending Account – Health Care/Childcare
• Wellness programs that promote a healthy work-life balance
• Career advancement opportunities and professional development
• Competitive salary with annual merit increase
• Team bonus opportunities

Education & Experience

• Bachelor’s degree in information systems security, a computer related field, or similar technical field, from an accredited institution required.
• Four (4) or more years of experience as a Cybersecurity Engineer with a focus on cybersecurity governance, compliance, and risk management required.

Key Qualifications

• One (1) or more of the following security certifications preferred: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified in Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Control (CRISC), GIAC Security Essentials Certification (GSEC), CompTIA Security+.
• In depth understanding and comprehensive knowledge in the following areas:
  • Information security management, governance, and compliance principles, practices, laws, rules, and regulations.
  • Information technology systems and processes, network infrastructure, application architecture, data processes, and protocols.
  • Expertise in cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
  • Information systems auditing, monitoring, controlling, and assessment processes.
    - Incident response management methodologies and procedures.
  • Risk assessment and management methodologies.
  • Expertise in developing and implementing enterprise governance, risk, and compliance strategies and solutions.
  • Researching and locating information related to internal and external organizations using online and other sources.
  • Strong project management and planning skills in the security domain.
    - Skilled in troubleshooting and operating computer systems and various software packages effectively.
  • Adept at defining problems, collecting, and analyzing data, establishing facts, and drawing valid conclusions.
  • Excellent communication skills to effectively convey technical information to diverse audiences, both in writing and verbally.
  • Proficiency in evaluating, updating, and revising program materials.
  • Strong interpersonal skills to interact positively with staff, the Board, the public, and regulatory agencies, promoting quality service and effectiveness.
• Proven ability to:
  • Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing processes.
  • Possess a quick learning capability to apply knowledge to new situations.
    - Show aptitude for handling sensitive and confidential matters, situations, and data with utmost discretion.
  • Possess a capacity to understand and follow broad and complex instructions.
    - Comprehend technical language and confer, analyze, and write in an objective and lucid manner.
  • Work independently, prioritize multiple tasks, and adapt to needed changes.
  • Composure to remain calm under high-pressure and difficult situations.
  • Maintain confidentiality and handle sensitive information with utmost discretion.
  • Use sound judgment and ingenuity in maintaining objectives and technical standards.

Start your journey towards a thriving future with IEHP and apply TODAY!

This position is on a hybrid work schedule. (Mon & Fri - remote, Tues - Thurs onsite in Rancho Cucamonga, CA)