New

Governance, Risk and Compliance Analyst Senior

Cone Health
United States, North Carolina, Greensboro
Jan 07, 2026
The Governance, Risk & Compliance (GRC) Analyst - Senior will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving cybersecurity risk. This includes helping the organization manage HITRUST, HIPAA and NIST Common Security Framework (CSF) audits and attestations. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI-DSS, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to managing the organization?s IT compliance program. Essential Job Function Lead the execution and reporting of outcomes derived from Third Party Risk Assessments. Manage the completion of risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST and HITRUST standards. Manage and monitor a central repository for all security risks and audit evidence. Maintain security standards, policies, and practices on an annual basis to make sure they meet organizational and regulatory requirements. Manage a security awareness training program in order to educate associates about security compliance standards, risk management practices, and ethical behavior. Collaborate with legal and compliance teams to ensure policies and security controls align with regulatory requirements. Conduct internal audits to assess the effectiveness of security controls and identify areas for improvement. Performs other duties as assigned. Education Required: Bachelor's Degree and/or equivalent experience Experience Required: 7 years Licensure/Certification/Listing Required: Certified Information Security Manager (CISM)?certification