GRC Analyst

Job Description

Job Description

WE ARE HEALTHCARE SYSTEMS OF AMERICA. Our mission is to elevate healthcare standards, improve patient outcomes, and create value for communities across the United States. Healthcare Systems of America (HSA) is more than a healthcare provider-we're a community built on excellence, innovation, and compassion. If you're looking for a career that makes a difference, empowers you to grow, and gives you the opportunity to impact lives, HSA is where you belong.

Healthcare Systems of America operates 8 community hospitals across 3 states. We service a multitude of patients and their families across our vast network, while remaining committed to the professional development of our staff, the functional improvement of our patients, and the cultivation of strong partnerships within our communities.

WHAT WE OFFER

• Career Growth & Development - We are an essential, stable and growing company with many opportunities for training and advancement within the medical field that all employees and team members can benefit from.
• Supportive & Inclusive Culture - We foster an environment where every team member is valued, heard, and empowered to succeed.
• Meaningful Work - Every day, you'll contribute to patient care, cutting-edge medical solutions, and life-changing treatment and technologies.

POSITION SUMMARY

The Governance, Risk, and Compliance (GRC) Analyst plays a key role in supporting and enhancing the organization's security, compliance, and risk posture. This individual will assist in implementing GRC frameworks, managing policy governance, performing risk assessments, and supporting audit readiness efforts across the healthcare environment. The GRC Analyst works closely with internal stakeholders to ensure regulatory and organizational compliance across systems and vendors.

PRIMARY RESPONSIBILITIES

Governance, Risk & Compliance (GRC)

• Support development, implementation, and maintenance of the GRC program and associated controls.
• Conduct internal risk assessments and report findings, risk levels, and mitigation strategies.
• Monitor compliance with industry regulations including HIPAA, HITECH, and other healthcare standards.
• Coordinate with cross-functional teams to ensure compliance requirements are integrated into business processes.
• Maintain and update the inventory of organizational policies, standards, and procedures.
• Assist with preparing for internal and external audits by collecting evidence and documentation.
• Track remediation efforts and follow up on audit findings and compliance gaps.
• Maintain records of third-party/vendor risk assessments and assist with due diligence documentation.
• Stay current on regulatory changes and best practices in healthcare cybersecurity and compliance.

Privacy & Data Protection

• Assist with managing privacy policies and procedures in alignment with HIPAA and HITECH.
• Conduct Privacy Impact Assessments (PIAs) and assist with Data Protection Impact Assessments (DPIAs).
• Help monitor privacy risks and maintain logs of incidents, investigations, and breach reports.
• Contribute to staff training initiatives on data privacy and protection policies.

Risk Assessments & Vendor Management

• Assist in conducting third-party risk assessments and maintaining a vendor compliance tracker.
• Document risk mitigation strategies and coordinate with internal stakeholders on remediation efforts.
• Maintain inventory of data flows and systems storing protected health information (PHI).

Audit Readiness & Monitoring

• Maintain audit documentation and evidence in support of GRC and privacy compliance efforts.
• Track audit findings and support follow-up activities and closure of remediation items.
• Help monitor emerging privacy laws and changes in regulatory requirements.

EXPERIENCE/EDUCATION REQUIREMENTS

• Bachelor's degree in Cybersecurity, Information Systems, Health Information Management, or related field.
• 2+ years of experience in GRC, risk management, or compliance roles in a healthcare setting.
• Working knowledge of HIPAA, HITECH, and NIST frameworks (e.g., NIST CSF, 800-53).
• Excellent attention to detail and strong organizational skills.
• Strong verbal and written communication abilities.

Preferred Qualifications

• Professional certifications such as GRCP, CRISC, HCISPP, or CISA.
• Experience with GRC platforms (e.g., FortifyData, OneTrust, Archer, ServiceNow GRC).
• Understanding of hospital IT environments and healthcare data flows.