Description

We've made a lot of progress since opening the doors in 1942, but one thing has never changed - our commitment to serve, heal, lead, educate, and innovate. We believe that every award earned, every record broken and every patient helped is because of the dedicated employees who fill our hallways.

At Ochsner, whether you work with patients every day or support those who do, you are making a difference and that matters. Come make a difference at Ochsner Health and discover your future today!

The IS Security GRC Platform Engineer is responsible for managing and enhancing the Governance, Risk, and Compliance (GRC) application and associated frameworks within the Information Security (IS) department. This role ensures compliance with HIPAA and other federal regulatory requirements, supports vendor and application risk assessments, contributes to mergers and acquisitions (M&A) due diligence, and drives continuous improvement across the GRC platform. The engineer works closely with cross-functional teams to maintain platform integrity and support enterprise risk management.
To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable qualified individuals with disabilities to perform the essential duties.

This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at the company's discretion.

Education

Required - High school diploma or equivalent.

Work Experience

Required - 2 years information technology experience with master's degree;

OR

4 years information technology experience with bachelor's degree;

OR

6 years information technology experience with associate's degree;

OR

8 years of information technology experience.

Knowledge Skills and Abilities (KSAs)

• Strong communication skills (verbal, written, diagrammatic and visual) with the ability to collaborate across technical and business teams
• Deep understanding of identity and access management (IAM), regulatory frameworks (e.g., HIPAA, and PCI), and other federal compliance standards
• Experience in risk scoring methodologies and applying mitigation strategies based on business and threat drivers
• Expertise in GRC frameworks (e.g., NIST, ISO 27001, HITRUST) and best practices
• Hands-on experience with ServiceNow GRC or similar ITSM/GRC platforms
• Ability to support vendor and application vetting processes, including risk assessments, documentation, and approval workflows
• Familiarity with M&A activities from a security and compliance perspective
• Strong analytical and critical thinking skills; ability to make sound decisions based on data and risk analysis
• Ability to interpret business, technology, and threat drivers, and develop quantitative risk measures, enumerate, and communicate risk scoring, and apply standard security practices for risk mitigation or acceptance.
• Strong knowledge of governance, risk, and compliance frameworks, standards, and best practices.
• Working knowledge of GRC platforms (e.g., ServiceNow, Archer, OnSpring) to maintain governance, risk and compliance with frameworks like NIST or ISO 27001.and/or other ITSM/GRC integrated platforms.
• Ability to work a flexible schedule (e.g. 24/7, weekend, holiday, on call availability).

Job Duties

• Maintain and enhance the GRC platform, ensuring alignment with organizational standards and continuous service improvement (CSI) practices
• Ensure compliance with HIPAA and other applicable federal and industry regulations across IS operations
• Conduct vendor and application vetting, including risk assessments, documentation, and approval workflows
• Participate in M&A due diligence activities, focusing on cybersecurity risk and compliance posture of target entities
• Implement and manage tools and processes for monitoring and reporting on regulatory compliance and internal governance requirements
• Assess, document, and escalate cybersecurity risks, including risk scoring and acceptance workflows to executive leadership
• Ensure security controls and attestations are accurately represented and compliant with applicable laws and regulations
• Collaborate with internal teams and vendors to onboard new processes and ensure platform adoption and adherence
• Develop, implement, and maintain cybersecurity policies, standards, and procedures to support organizational security objectives and regulatory compliance

The above statements describe the general nature and level of work only. They are not an exhaustive list of all required responsibilities, duties, and skills. Other duties may be added, or this description amended at any time.

The employer is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability status.

Physical and Environmental Demands

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Light Work - Exerting up to 20 pounds of force occasionally, and/or up to 10 pounds of force frequently, and/or a negligible amount of force constantly (Constantly: activity or condition exists 2/3 or more of the time) to move objects. Physical demand requirements are in excess of those for Sedentary Work. Even though the weight lifted may be only a negligible amount, a job should be rated.

Light Work: (1) when it requires walking or standing to a significant degree; or (2) when it requires sitting most of the time but entails pushing and/or pulling of arm or leg controls; and/or (3) when the job requires working at a production rate pace entailing the constant pushing and/or pulling of materials even though the weight of those materials is negligible.

NOTE: The constant stress and strain of maintaining a production rate pace, especially in an industrial setting, can be and is physically demanding of a worker even though the amount of force exerted is negligible.

Are you ready to make a difference? Apply Today!

Ochsner Health does not consider an individual an applicant until they have formally applied to the open position on this careers website.

Please refer to the job description to determine whether the position you are interested in is remote or on-site. Individuals who reside in and will work from the following areas are not eligible for remote work position: Colorado, California, Hawaii, Illinois, Maryland, Massachusetts, Minnesota, New Jersey, New York, Vermont, Washington, and Washington D.C.

Ochsner Health endeavors to make our site accessible to all users. If you would like to contact us regarding the accessibility of our website, or if you need an accommodation to complete the application process, please contact our HR Employee Solution Center at 504-842-4748 (select option 1) or careers@ochsner.org. This contact information is for accommodation requests only and cannot be used to inquire about the status of applications.

Ochsner is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to any legally protected class, including protected veterans and individuals with disabilities.