Information Security GRC Leader

2 weeks ago


Bengaluru, India Sagility Full time

About Sagility

Sagility is a tech-enabled BPM services provider, a thought partner providing a broad spectrum of transformational services, to enable our clients to provide efficient and high-quality care across the healthcare system. Sagility combines industry-leading technology and transformation-driven BPM services with decades of healthcare domain expertise to help clients draw closer to their members. We optimize the entire member/patient experience through service offerings for clinical, case management, member engagement, provider solutions, payment integrity, claims cost containment, and analytics.

Leading industry analyst firms have consistently cited our service excellence, breadth of offerings, and ability to execute. The most recent recognition was being named a leader for Healthcare Payer Operations in 2022 & 2023 as part of the Healthcare Payer Operations PEAK Matrix® Assessment report by Everest Group. To learn more about our recognitions, please visit our AWARDS SECTION.

We have 40,000+ employees in 15 cities across 5 countries – India, Philippines, USA, Jamaica, and Colombia.

Role Overview

The InfoSec GRC Officer will be responsible for driving and maintaining the organization’s governance, risk, and compliance framework. This includes ensuring robust account hygiene practices, managing account-level GRC reporting, aligning with HiTrust certification requirements, overseeing governance processes, and mitigating third-party risks. The role demands a proactive and detail-oriented professional with strong analytical and communication skills.

Key Responsibilities

Account Hygiene & GRC Reporting
- Monitor and enforce account hygiene standards across infrastructure and application layers.
- Develop and maintain dashboards and reports for account-level GRC metrics.
- Collaborate with IT and security teams to ensure timely remediation of hygiene issues.
- Conduct periodic reviews and audits of account configurations and access controls.

Governance, Risk & Compliance (GRC)
- Implement and maintain GRC frameworks aligned with industry standards and regulatory requirements.
- Support internal and external audits, including evidence collection and gap remediation.
- Maintain risk registers and track mitigation plans across business units.
- Facilitate risk assessments and control testing activities.

HiTrust Compliance
- Lead initiatives to align with HiTrust CSF requirements.
- Coordinate with stakeholders to ensure documentation, controls, and evidence meet HiTrust standards.
- Support readiness assessments and certification processes.

Governance Processes
- Define and document governance policies, procedures, and workflows.
- Ensure consistent application of governance principles across projects and operations.
- Conduct training and awareness sessions on governance best practices.

Third Party Risk Management
- Evaluate and monitor third-party vendors for InfoSec compliance and risk exposure.
- Conduct due diligence, risk assessments, and periodic reviews of vendor security posture.
- Maintain third-party risk inventory and ensure contractual obligations are met.

Qualifications & Skills
- Bachelor’s degree in Information Security, Risk Management, or related field.
- 5+ years of experience in GRC, cybersecurity, or IT compliance roles.
- Strong understanding of HiTrust CSF, ISO 27001, NIST, and other regulatory frameworks.
- Experience with GRC tools (e.g., Archer, ServiceNow GRC, MetricStream).
- Excellent analytical, documentation, and communication skills.
- Ability to work independently and collaboratively in a fast-paced environment.

Preferred Certifications
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- HiTrust Certified Professional (HCP)
- ISO 27001 Lead Implementer or Auditor





  • Bengaluru, India Synopsys Full time

    40885BR - INDIA - Bangalore, INDIA - Hyderabad. Job Description and Requirements: Information Security Governance Risk Compliance (GRC), Security Awareness Coordinator. Responsibilities: The Synopsys Information Security Team is expanding and seeking a Security Awareness Coordinator within the Governance, Risk & Compliance (GRC) team with...

  • GRC Security

    2 weeks ago


    Bengaluru, Karnataka, India Careernet Full time ₹ 15,00,000 - ₹ 25,00,000 per year

    Key Skills: SAP Security, Governance, Risk, and Compliance (GRC), S/4HANA. Roles & Responsibilities: Lead the implementation and enhancement of GRC solutions within the organization. Provide support for SAP Security initiatives, ensuring compliance with industry standards. Collaborate with cross-functional teams to assess and mitigate risks associated with SAP...


  • Bengaluru, India Mashreq Global Services Private Limited Full time

    Security Risk Management: Develop, implement, and maintain the Information Security Risk Management Framework, ensuring alignment with the bank's enterprise risk management (ERM) strategy. Identify, assess, and monitor information security and cyber risks across the bank's business units, technology platforms, and third-party relationships. Define risk...


  • Bengaluru, India Docusign Full time

    Job Description. Company Overview: Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of...


  • Bengaluru, Karnataka, India Docusign Full time ₹ 12,00,000 - ₹ 36,00,000 per year

    Company Overview: Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now,...

  • Cloud Security Grc

    1 week ago


    Bengaluru, Karnataka, India BNC Full time

    Big 4 is hiring for a Cloud Security GRC role for the Bangalore location at consultant level. Duties and Responsibilities: 1. Work closely with the technology team to build and maintain secure, scalable, and highly available cloud-based infrastructure. 2. Experience with information security, cloud security, risk assessment and GRC is a must-have. 3....


  • Bengaluru, Karnataka, India DocuSign Full time ₹ 6,00,000 - ₹ 18,00,000 per year

    Company Overview: Docusign brings agreements to life. Over 1.5 million customers and more than a billion people in over 180 countries use Docusign solutions to accelerate the process of doing business and simplify people's lives. With intelligent agreement management, Docusign unleashes business-critical data that is trapped inside of documents. Until now,...


  • Bengaluru, India Danaher Full time

    This job is with Danaher, an inclusive employer and a member of myGwork – the largest global platform for the LGBTQ+ business community. Please do not contact the recruiter directly. The Sr SAP Security and GRC Architect is responsible for architecting, implementing, and managing comprehensive SAP security and GRC solutions that protect enterprise data,...


  • Bengaluru, India Teamware Solutions Full time

    Job Description. Job Summary: The SAP GRC and Security Consultant is responsible for implementing and managing SAP security roles and authorizations while ensuring compliance through SAP Governance, Risk, and Compliance (GRC) tools. This role ensures secure access across SAP systems, supports audits, and helps maintain internal controls aligned with business...