Sr Information Security Risk Analyst - Hybrid

Bring your drive for excellence, teamwork, and customer commitment to Independence. Join us as we renew and reimagine the future of health care. Together we will achieve our missionto enhance the health and well-being of the people and communities we serve. We are seeking a highly motivated and experienced Information Security Governance, Risk, and Compliance (GRC) Analyst to lead and support key security and compliance initiatives. This role is critical to maintaining our strong security posture, driving risk management efforts, and ensuring alignment with relevant frameworks and certifications. Position Summary: The Lead Information Security GRC Analyst will take ownership of managing and directing major audit and certification programs, such as SOC 2 and HITRUST, while overseeing risk management activities and ensuring compliance with information security frameworks and regulatory requirements. The ideal candidate will bring a strong audit background, ideally from a Big 4 or other leading audit firm, and demonstrate a solid understanding of control design, testing, and compliance best practices. This role requires strong organizational skills, attention to detail, and the ability to collaborate with internal teams and external auditors. The analyst will act as a hands-on leader, providing expertise and direction while ensuring the successful execution of key compliance and risk initiatives. Key Responsibilities: • Lead and manage SOC 2 audits, including planning, coordinating with control owners and auditors, and ensuring timely completion of all requirements. • Oversee the HITRUST certification process, collaborating with internal teams and external assessors to maintain compliance and address changes as needed. • Drive risk management efforts including maintaining a risk register. • Ensure compliance with relevant security frameworks and standards, such as NIST CSF and HITRUST, as well as regulatory requirements including HIPAA/HITECH and PCI DSS. • Act as the primary point of contact for auditors, subject matter experts, and control owners, fostering collaboration and resolving issues as they arise. • Report on the status of audits, certifications, and risk management efforts to leadership, highlighting risks and recommending solutions. Qualifications: • Bachelor's degree in Information Security, IT, Business Administration, or a related field; relevant certifications (e.g., CISA, CISSP, HITRUST CCSFP) are a plus. • 3+ years of experience in information security, IT audit, or GRC roles, with a strong preference for candidates with Big 4 or large firm audit experience. • Strong understanding of audit processes, control design, testing, and compliance frameworks. • Familiarity with security frameworks (NIST CSF, HITRUST, ISO 27001) and regulatory requirements (HIPAA, PCI DSS, GDPR). • Experience with GRC tools and platforms, and an ability to drive risk management processes. • Exceptional organizational, communication, and problem-solving skills. • Self-motivated and confident in leading complex projects with minimal supervision. Hybrid Independence has implemented a “Hybrid” model which consists of Associates working in the office 3 days a week (Tuesday, Wednesday & Thursday) and remotely 2 days a week (Monday & Friday). This role is designated as a role that fits into the “Hybrid” model. While associates may work remotely on our designated remote days, the work must be performed in the Tri-State Area of Delaware, New Jersey or Pennsylvania. IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability. Must have an Android or iOS device which is compatible with the free Microsoft Authenticator app.