GRC and Privacy Analyst

Job Description

Job Description

WE ARE HEALTHCARE SYSTEMS OF AMERICA. Our mission is to elevate healthcare standards, improve patient outcomes, and create value for communities across the United States. Healthcare Systems of America (HSA) is more than a healthcare provider-we're a community built on excellence, innovation, and compassion. If you're looking for a career that makes a difference, empowers you to grow, and gives you the opportunity to impact lives, HSA is where you belong.

Healthcare Systems of America operates 8 community hospitals across 3 states. We service a multitude of patients and their families across our vast network, while remaining committed to the professional development of our staff, the functional improvement of our patients, and the cultivation of strong partnerships within our communities.

WHAT WE OFFER

• Career Growth & Development - We are an essential, stable and growing company with many opportunities for training and advancement within the medical field that all employees and team members can benefit from.
• Supportive & Inclusive Culture - We foster an environment where every team member is valued, heard, and empowered to succeed.
• Meaningful Work - Every day, you'll contribute to patient care, cutting-edge medical solutions, and life-changing treatment and technologies.

POSITION SUMMARY

The GRC and Privacy Analyst supports the organization's Governance, Risk, and Compliance (GRC) initiatives, as well as privacy and data protection functions. The role is responsible for assisting with policy management, risk assessments, audit readiness, and privacy compliance programs including HIPAA, HITECH, and other applicable federal and state regulations within the healthcare industry.

PRIMARY RESPONSIBILITIES

Governance, Risk & Compliance (GRC)

• Support implementation and maintenance of GRC frameworks and processes.
• Assist in developing and updating internal policies, standards, and controls.
• Track compliance metrics and prepare GRC reports for leadership.
• Support regulatory and third-party audits by coordinating documentation and responses.

Privacy & Data Protection

• Assist with managing privacy policies and procedures in alignment with HIPAA and HITECH.
• Conduct Privacy Impact Assessments (PIAs) and assist with Data Protection Impact Assessments (DPIAs).
• Help monitor privacy risks and maintain logs of incidents, investigations, and breach reports.
• Contribute to staff training initiatives on data privacy and protection policies.

Risk Assessments & Vendor Management

• Assist in conducting third-party risk assessments and maintaining a vendor compliance tracker.
• Document risk mitigation strategies and coordinate with internal stakeholders on remediation efforts.
• Maintain inventory of data flows and systems storing protected health information (PHI).

Audit Readiness & Monitoring

• Maintain audit documentation and evidence in support of GRC and privacy compliance efforts.
• Track audit findings and support follow-up activities and closure of remediation items.
• Help monitor emerging privacy laws and changes in regulatory requirements.

EXPERIENCE/EDUCATION REQUIREMENTS

• Bachelor's degree in information security, Health Information Management, or a related field.
• 2+ years of experience in GRC, compliance, or privacy roles within a healthcare environment.
• Familiarity with HIPAA, HITECH, and data privacy laws and regulations.
• Excellent analytical, documentation, and communication skills.
• Proficiency in Microsoft Excel, Word, and compliance management platforms.

Preferred Qualifications

• Professional certifications such as CIPP/US, CHPC, or GRCP.
• Experience with GRC tools such as FortifyData, OneTrust, Archer, or ServiceNow.
• Understanding of hospital workflows and protected health information (PHI) lifecycle.