Professional, Sr. Security GRC Analyst

MVP Health Care

Job title: Professional, Sr. Security GRC Analyst

Company: MVP Health Care

Job description: Professional, Sr. Security GRC Analyst

Headquarters Office, 625 State Street, Schenectady, New York, United States of America Req #1803

Tuesday, November 14, 2023

Over 35 years strong and fueled by 1,700 smart, passionate employees across New York state and Vermont, MVP is full of opportunities to grow. We are a nationally recognized, award-winning leader for a reason. The beating heart of our company is a wide range of employees from a diverse set of backgrounds (tech people, numbers people, even people people) working together to make health insurance better. If you are ready to join a thriving, mission-driven company where you can create your own opportunities and make a positive difference, it’s time to make a healthy career move to MVP!

Full-Time, Exempt

This position will be directly responsible for ensuring MVP’s security policies and procedures are maintained and comply with all internal and external regulations and requirements. The Senior Security Policy Analyst is responsible for knowing all applicable health and governmental regulations, how and where these regulations relate to MVP, as well as the impact of the security requirements on business-critical systems and mission. The Senior Security Policy Analyst will oversee and mentor the GRC Security Analyst(s) on Cybersecurity oversight and compliance and provide hands-on assistance as appropriate to ensure success. In addition, the position is directly involved in supporting various audit activities and serves as the liaison between the auditors, the various business units and MVP leadership.

Responsibilities include:

  • Direct and oversee the GRC Security Analyst in all of their duties and responsibilities.
  • Develop, implement, and communicate IT and Corporate security policy, standards, best practices, guidance and procedures.
  • Work with Business on the creation of Process and Procedure documentation. Provide compliance oversight through regular audits of business units.
  • Provide expert advice on addressing IT information security issues.
  • Assist with the development of policy awareness efforts and materials for distribution to the user community.
  • Draft, review, and comment as needed on translating federal requirements into Department policies and requirements, including, but not limited to: NIST publications, DFS guidance and requirements, CMS and HIPAA.
  • Implement HIPAA and HITRUST assessments and implement CSF framework controls to ensure compliance.
  • Ensure security vulnerability and risk assessments are conducted as appropriate on any system upgrades, software/hardware changes, etc. Provide oversight and communication as necessary.
  • Provide third party oversight including review of contracts, Business Associate Agreements, Information Security Questionnaires and other artifacts such as SOC2 Type II and HITRUST reports.
  • Work with Enterprise Risk Management team to ensure Business Continuance plans are up to date. Assist with regular executive and departmental table-top exercises.
  • Support annual recertification of accounts – ensure new accounts have appropriate access and any inactive accounts are deactivated. Provide hands-on assistance to Business Units as necessary.
  • Create Cybersecurity dashboard and presentations for Board Risk and Compliance Committee.
  • Manage and maintain the Security Risk Register. Coordinate with Enterprise Risk Team to ensure all risks are tracked and actively worked on for remediation. Work with business to identify and manage risks associated with policy violations and exceptions.

Position Qualifications

Minimum Education:

Bachelor’s Degree, or an equivalent combination of formal education

Minimum Experience:

  • Minimum 5 – 8 years of relevant experience in functional responsibility.
  • Candidates should be well-versed in risk management and must have experience working with SDLC and performing security tasks throughout.
  • Experience and working understanding of HIPAA compliance, experience conducting all phases of Certification and Accreditation (C&A) and creating documentation in accordance with NIST guidance.
  • Candidate should have strong analytical and organizational skills.
  • Ability to mentor and train junior level staff.
  • Candidate should have concise writing skills, excellent MS Word skills as well as other MS Office Applications.
  • Personnel shall be well versed with NIST publications and other Health related publications and their requirements and impact on system security.

About MVP

MVP Health Care is a nationally recognized, not-for-profit health insurer caring for members in New York and Vermont. Committed to the complete well-being of our members and the communities we serve, MVP makes health insurance more convenient, more supportive, and more personal. We are powered by the ideas and energy of more than 1,700 diverse employees from all backgrounds, committed to having a positive impact on the health and wellness of everyone we serve.

At MVP, we are committed to providing competitive employee compensation and benefits packages. The base pay range provided for this role reflects our good faith compensation estimate at the time of posting. Specific employment offers and associated compensation will be made individually based on several factors, including but not limited to geographic location; relevant experience, education, and training; and the nature of and demand for the role.

In addition, we offer a comprehensive benefits package that includes:

  • Considerable paid time away from work including PTO (Paid Time Off), sick time, service time off, paid holidays, and floating holidays, allowing you to take time off when it suits you best.
  • Competitive 401(k) employer matching and profit-sharing program to help you save for your retirement.
  • Low premium health benefits including medical, dental, and vision coverage to support your well-being and that of your family.
  • Life insurance and disability coverage to ensure financial security for you and your dependents.
  • An array of optional benefit plans such as accident insurance and specified disease coverage to protect you from the unexpected.
  • Full tuition reimbursement (up to the IRS limit) for approved courses and programs that support continuous learning.
  • A best-in-class employee Well-Being program to support all dimensions of your health and wellness.

MVP Health Care analyzes the latest market data to determine employee compensation. Compensation figures listed in a job posting are subject to change as new market data becomes available. The salary range, other compensation, and benefits information is accurate as of the date of this posting. MVP Health Care reserves the right to modify this information at any time, subject to applicable law. More detailed information about total compensation and benefits will be provided during the hiring process.

MVP Health Care is an Affirmative Action/Equal Employment Opportunity employer. We recruit, employ, train, compensate, and promote without regard to race, religion, creed, color, national origin, age, gender, sexual orientation, marital status, disability, genetic information, veteran status, or any other basis protected by applicable federal, state or local law. Any person with a disability needing special accommodations to the application process, please contact Human Resources at

Please apply and learn more – including how you may become a proud member of our team.

Other details

  • Job Family: Information Technology & Transformation Services
  • Pay Type: Salary
  • Min Hiring Rate: $75,870.00
  • Max Hiring Rate: $148,930.00

Expected salary: $75870 per year

Location: Schenectady, NY

Job date: Fri, 17 Nov 2023 08:49:00 GMT
