Information Security GRC Analyst II - Information Solutions (Remote)

  • R-0000052181
  • Remote
  • South Carolina
  • Information Solutions
  • Technical Services
  • Full Time
  • Hospital Authority (MUHA)

Job Description Summary

The Information Security GRC Analyst II reports to an Information Security Manager or Information Security Team Leader. Under indirect supervision, the Information Security GRC Analyst II provides governance, risk management, and compliance functions to enable safe and secure information services to support the academic, research, and healthcare missions of MUSC. This position helps design, implement, manage, and monitor technical, administrative, and physical controls to protect the confidentiality, integrity, and availability of the organization's information assets.

Entity

Medical University Hospital Authority (MUHA)

Worker Type

Employee

Worker Sub-Type

Regular

Cost Center

CC002271 SYS - IS Cyber Operations

Pay Rate Type

Salary

Pay Grade

Health-27

Scheduled Weekly Hours

40

Work Shift

Job Description

PRIMARY RESPONSIBILITIES:

Governance:

  • Develop, maintain, and communicate information security policies, standards, procedures, and guidelines in alignment with organizational objectives and regulatory requirements
  • Support the information security governance framework and participate in security steering committees
  • Maintain comprehensive documentation of security controls, processes, and procedures
  • Coordinate security program initiatives and track remediation efforts across departments
  • Facilitate security review processes for new technologies, systems, and business initiatives

Risk Management:

  • Conduct information security risk assessments and business impact analyses for systems, applications, and business processes
  • Identify, analyze, and evaluate security risks to information assets using quantitative and qualitative methodologies
  • Develop risk treatment plans and track risk mitigation activities to completion
  • Maintain the information security risk register and provide regular risk reporting to leadership and stakeholders
  • Support third-party vendor risk assessments and ongoing vendor management activities
  • Participate in change advisory boards to assess security risks of proposed changes

Compliance:

  • Monitor and assess compliance with applicable regulations including HIPAA/HITECH, FERPA, PCI-DSS, and other relevant frameworks
  • Coordinate and support internal and external audits and assessments
  • Conduct gap analyses against regulatory requirements and industry frameworks including NIST Cybersecurity Framework 2.0
  • Track and report on compliance metrics, control effectiveness, and key performance indicators
  • Develop and implement remediation plans for compliance deficiencies
  • Support incident response activities with a focus on regulatory reporting and breach notification requirements
  • Maintain evidence of compliance for audit purposes

Additional Job Description

REQUIRED EDUCATION/SKILLS/WORK EXPERIENCE:

  • Bachelor's degree in information security, information assurance, computer science, cybersecurity, risk management, or a related field required
  • Minimum 2 years of IT security experience with a Bachelor's degree, OR
  • 4-7 years of hands-on experience in information security, GRC, compliance, audit, or related IT experience

Required Skills and Knowledge:

  • Advanced analytical and problem-solving skills with the ability to assess complex security and compliance issues
  • Solid understanding of information security risk concepts, principles, and assessment methodologies
  • Experience with security and compliance frameworks including one or more of: ISO 27000 series, HIPAA/HITECH, FERPA, PCI-DSS, and NIST/FISMA frameworks
  • Strong written and verbal communication skills with the ability to communicate technical concepts to non-technical stakeholders
  • Ability to work independently and collaboratively across multiple departments and teams
  • Proficiency with GRC tools, risk assessment methodologies, and compliance tracking systems

Preferred Qualifications:

  • Strong familiarity with compliance requirements affecting academic medical centers
  • Knowledge of NIST Cybersecurity Framework 2.0 and NIST SP 800-53 controls
  • Experience conducting risk assessments in healthcare or higher education environments
  • Experience with GRC platforms (e.g., ServiceNow GRC or similar)
  • Advanced level certifications such as:
    • CISSP, CCSP, or SSCP (ISC²)
    • GIAC Security Essentials (GSEC)
    • Healthcare Information Security and Privacy Practitioner (HCISPP)

Physical Requirements

  • Mobility & Posture
    • Standing: Continuous
    • Sitting: Continuous
    • Walking: Continuous
    • Climbing stairs: Infrequent
    • Working indoors: Continuous
    • Working outdoors (temperature extremes): Infrequent
    • Working from elevated areas: Frequent
    • Working in confined/cramped spaces: Frequent
    • Kneeling: Infrequent
    • Bending at the waist: Continuous
    • Twisting at the waist: Frequent
    • Squatting: Frequent
  • Manual Dexterity & Strength
    • Pinching operations: Frequent
    • Gross motor use (fingers/hands): Continuous
    • Firm grasping (fingers/hands): Continuous
    • Fine manipulation (fingers/hands): Continuous
    • Reaching overhead: Frequent
    • Reaching in all directions: Continuous
    • Repetitive motion (hands/wrists/elbows/shoulders): Continuous
    • Full use of both legs: Continuous
    • Balance & coordination (lower extremities): Frequent
  • Lifting & Force Requirements
    • Lift/carry 50 lbs. unassisted: Infrequent
    • Lift/lower 50 lbs. from floor to 36”: Infrequent
    • Lift up to 25 lbs. overhead: Infrequent
    • Exert up to 50 lbs. of force: Frequent
      • Examples:
        • Transfer 100 lb. non-ambulatory patient = 50 lbs. force
        • Push 400 lb. patient in wheelchair on carpet = 20 lbs. force
        • Push patient stretcher one-handed = 25 lbs. force
  • Vision & Sensory
    • Maintain corrected vision 20/40 (one or both eyes): Continuous
    • Recognize objects (near/far): Continuous
    • Color discrimination: Continuous
    • Depth perception: Continuous
    • Peripheral vision: Continuous
    • Hearing acuity (with correction): Continuous
    • Tactile sensory function: Continuous
    • Gross motor with fine motor coordination: Continuous
    • Selected Positions:
      • Olfactory (smell) function: Continuous
      • Respirator use qualification: Continuous
  • Work Environment & Conditions
    • Effective stress management: Continuous
    • Rotating shifts: Frequent
    • Overtime as required: Frequent
    • Latex-safe environment: Continuous

If you like working with energetic, enthusiastic individuals, you will enjoy your career with us!

The Medical University of South Carolina is an Equal Opportunity Employer. MUSC does not discriminate on the basis of race, color, religion or belief, age, sex, national origin, gender identity, sexual orientation, disability, protected veteran status, family or parental status, or any other status protected by state laws and/or federal regulations. All qualified applicants are encouraged to apply and will receive consideration for employment based upon applicable qualifications, merit and business need.

Medical University of South Carolina participates in the federal E-Verify program to confirm the identity and employment authorization of all newly hired employees. For further information about the E-Verify program, please click here: http://www.uscis.gov/e-verify/employees
