This job is closed

Fred Hutchinson Cancer Research Center
Posted about 1 month ago
$118,560 - $187,387/Yr
• Mid Level
Seattle, WA
Hospitals

About the position

The GRC (Governance, Risk, and Compliance) Engineer is responsible for participating in the information security program to ensure that information assets and associated technology, applications, systems, infrastructure, and processes are adequately protected. The GRC engineer is responsible for identifying, evaluating, and reporting on information security risk to information assets. The GRC engineer will proactively work with business units and partners to assess and design controls to reduce information security risk. The GRC engineer should understand and articulate the impact of information security controls on the business and be able to communicate this to stakeholders. The GRC engineer must be knowledgeable about both internal and external business environments and ensure that information systems are maintained in a fully functional and secure mode and are compliant with legal, regulatory, and contractual obligations.

Responsibilities

  • Assist in managing a targeted information security awareness training program for all staff and affiliates; establish metrics to measure the effectiveness of this security training program for the different audiences.
  • Understand and interact with other business units to ensure the consistent application of policies and standards across all technology projects, systems and services, including risk management and compliance.
  • Provide clear risk mitigating directives for projects with components in IT, including the mandatory application of controls.
  • Participate in a risk-based process for the assessment and mitigation of any information security risk in the organization (including vendors, business partners and other third parties).
  • Assist in managing a governance, risk, and compliance platform to facilitate risk management and incident management. Integrate platform with other systems and data sources.
  • Facilitate the processes for information security risk and for legal and regulatory assessments, including the reporting and oversight of remediation efforts.
  • Consult with project managers to ensure that security is embedded in the project delivery process by providing the appropriate information security policies, practices, and guidelines.
  • Act as a member of the IIRP during information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the organization's reputation.
  • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
  • Facilitate periodic security compliance reviews and audits of on-premises and hosted environments, including AWS and Azure.
  • Maintain compliance documentation, including managing and tracking policy exceptions.
  • Assist in managing security awareness training.
  • Assist in the assessment and review of new and existing technology infrastructure to ensure adequate levels of control are in place to address identified risks and develop risk mitigation techniques and processes when necessary.
  • Assist in the development and ongoing oversight of a robust vulnerability management program.
  • Conduct risk assessments on business and IT operational processes, procedures, and policies; interpret audit results and make conclusions on the adequacy and reliability of controls; prepare and present reports, as necessary.
  • Develop and manage reports using business intelligence tools.
  • Stay informed about current security and privacy laws and provide guidance to the team when evaluating new projects; and perform other duties as assigned.

Requirements

  • Bachelor's degree or equivalent work experience in a technical discipline related to Information Technology
  • Minimum 7 years of hands-on information security experience, including experience conducting technical and non-technical risk assessments
  • Strong knowledge of information security risk management and information security technologies (e.g. SIEM, vulnerability management, data loss prevention, and/or endpoint protection)
  • Proven track record and experience interpreting information security policies and procedures and successfully communicating with non-security workforce.
  • Excellent interpersonal skills, presentation skills, and verbal / written communication skills
  • Understanding of compliance and regulatory requirements such as HIPAA and PCI
  • Knowledge of common information security management frameworks, such as ISO/IEC 27001, ITIL, COBIT as well as those from NIST, including 800-53 and Cybersecurity Framework
  • Organized, responsive, and thorough problem solver
  • Ability to work collaboratively with a broad range of staff
  • High degree of initiative, dependability, and ability to work with little supervision while being resilient to change
  • Excellent analytical skills, the ability to manage multiple projects under strict timelines, as well as the ability to work well in a demanding, dynamic environment and meet overall objectives
  • High level of personal integrity, as well as the ability to professionally handle confidential matters and show an appropriate level of judgment and maturity

Nice-to-haves

  • Experience hardening/securing virtualization technologies, databases, and operating systems (Windows/Linux) utilizing industry best practices
  • Knowledge of networking concepts (routing, switching, VLANs, ACLs), systems administration or development.
  • Experience coding including use of APIs
  • Familiarity with information security policies, standards, industry best practices, and frameworks (ISO 27K, NIST 800-53, CIS, HITRUST, etc.)
  • General information security certification (e.g., CISSP, CISA, etc.)
  • Experience with Infrastructure as a Service (IaaS), such as AWS or Azure
  • Knowledge of industry best practices related to security concepts

Benefits

  • Medical/Vision
  • Dental
  • Flexible spending accounts
  • Life insurance
  • Disability insurance
  • Retirement
  • Family life support
  • Employee assistance program
  • Onsite health clinic
  • Tuition reimbursement
  • Paid vacation (12-22 days per year)
  • Paid sick leave (12-25 days per year)
  • Paid holidays (13 days per year)
  • Paid parental leave (up to 4 weeks)
  • Partially paid sabbatical leave (up to 6 months)

Job Keywords

Hard Skills
  • Information Technology
  • Infrastructure As A Service
  • ISO/IEC 27001
  • NIST 800
  • NIST 800-53