Senior Analyst, IT GRC (Governance, Risk, and Compliance)
Laboratory Corporation of America Holdings (NYSE:LH), an S&P 500 company, is a leading life sciences company, providing comprehensive clinical laboratory and end-to-end drug development services. With a mission to improve health and improve lives, LabCorp delivers world-class diagnostics solutions, brings innovative medicines to patients faster and uses technology to provide better care. With net revenue in excess of $9 billion in 2016, LabCorp's 50,000 employees serve clients in 60 countries.
The Senior Analyst, IT GRC (Governance, Risk, and Compliance) works within the Information Security Office to help with development and management of the GRC Program. In particular, this position is responsible for supporting the overall compliance and governance programs through obtaining and maintaining ongoing compliance with information security and data industry standards and regulatory requirements (e.g., HITRUST, HIPAA, PCI, 21 CFR Part 11, SSAE18). Specifically, the role will be responsible for facilitation of third-party audits and attestation engagements, execution of risk and compliance assessments, and management of information security policies and procedures, vendor risk assessments, and completion of customer requests for information.
DUTIES AND RESPONSIBILITIES
Support and manage external IT-related attestation engagements, including HITRUST, SOX, SSAE18/SOC, PCI or similar, as well as others where required.
Develop and maintain strong business and technology relationships.
Liaise with other internal regulatory subject matter experts such as Legal, Privacy, Internal Audit, and others as needed to ensure alignment with regulatory requirements.
Support internal, external, regulator, customer, or other IT audits and/or requests for information with Information Security scope.
Support the CAPA tracking process resulting from audits, including assignment to IT issue owners and timely execution of mitigating actions.
Help ensure alignment of technology controls between industry standards/policy/regulatory requirements and critical business needs.
Complete vendor risk assessments for technology vendors, including scoring and reporting of risks.
Complete customer security questionnaires and requests for information.
Communicate effectively across multiple levels.
JOB QUALIFICATIONS / REQUIRED SKILLS:
Minimum of 5 years in Information Security, IT Audit/Governance/Risk/Compliance, or similar role.
Strong knowledge of information security governance, risk, and compliance programs.
Strong understanding and experience with requirements in regulated IT environments.
Proven project management and organizational skills, specifically managing multiple, concurrent projects.
Strong analytical background and technical skills with the ability to apply regulatory requirements to IT operational and technical controls.
Demonstrated leadership skills with the ability to communicate effectively and collaborate strongly within a virtual team.
Excellent conceptual and critical thinking skills and sound judgment, with strategic orientation and ability to perform tactically, as required.
Experience and understanding of the functionality of GRC tools such as Archer is a plus.
Bachelor's degree in business/technology or related field required; graduate degree preferred.
Certifications in one or more of the following areas preferred: CISSP, CISA, CISM, CRISC, GCIH, CIPP.