Information Security GRC Specialist
Pathology Watch
Job Functions, Duties, Responsibilities and Position Qualifications:
We're not just a workplace - we're a Great Place to Work certified employer!
Proudly certified as a Great Place to Work, we are dedicated to creating a supportive and inclusive environment. At Sonic Healthcare USA, we emphasize teamwork and innovation. Check out our job openings and advance your career with a company that values its team members!
Position Summary
The Information Security GRC Specialist supports Sonic Healthcare USA’s Cybersecurity program by implementing and maintaining governance, risk, and compliance (GRC) practices that protect sensitive data and ensure regulatory alignment. This role leads internal audits, risk assessments, and policy development efforts, while serving as a technical resource across departments and external partners. The ideal candidate brings a strategic mindset, strong working knowledge of security frameworks, and a collaborative approach to problem-solving.
Key Responsibilities
- Implement and monitor security controls aligned with HIPAA, ISO/IEC 27001:2022, and NIST CSF 2.0
- Conduct internal and third-party risk assessments; support remediation and audit readiness
- Develop and maintain cybersecurity policies, procedures, and awareness training programs
- Respond to vendor security assessments and manage documentation for external audits
- Maintain GRC tools, dashboards, and evidence artifacts; define control ownership and track corrective actions
- Provide cross-functional guidance on compliance requirements and stay current with regulatory changes
Qualifications
- Bachelor’s degree in Computer Information Systems or related field (preferred)
- 4+ years of experience in cybersecurity risk assessments, audits, policy development, and compliance
- Familiarity with the HIPAA Security Rule, ISO/IEC 27001:2022, and NIST CSF 2.0
- Certifications such as CISA, CISSP, CISM, or CRISC (preferred)
Core Competencies
- Strong understanding of security governance, compliance frameworks, and regulatory requirements
- Familiarity with IT infrastructure, data architecture, and cybersecurity technologies
- Skilled in GRC strategy development, data analysis, reporting, and maintaining technical standards
- Ability to communicate complex technical concepts clearly to varied audiences, including senior leadership
- Proven capacity to apply risk-based approaches to audits and assessments
- Comfortable working independently and collaboratively across teams and geographies
- Adaptable in fast-paced environments with shifting priorities
Scheduled Weekly Hours: 40
Work Shift:
Job Category: Information Technology
Company: Sonic Healthcare USA, Inc
Sonic Healthcare USA is an equal opportunity employer that celebrates diversity and is committed to an inclusive workplace for all employees. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, age, national origin, disability, genetics, veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, or local laws.