Senior Cybersecurity Risk Governance Analyst - 1647

GHX · Hyderabad, Telangana, India · Engineering

Posted 2026-06-18

Apply for this role →

Role: Senior Cybersecurity Risk Governance Analyst

Location: Hyderabad, India (Hybrid)

Department: Infrastructure/Info Security

About GHX:

GHX (Global Healthcare Exchange) is a leading healthcare technology company on a mission to simplify the business of healthcare and improve patient outcomes. Founded in 2000, GHX has built the GHX Global Network — the world’s largest cloud-based supply chain community connecting healthcare providers, suppliers, distributors, and partners to automate key processes, reduce costs, and increase operational efficiency. Its solutions span electronic trading, procurement automation, inventory and contract management, business intelligence, and data synchronization, helping healthcare organizations improve productivity and focus more on patient care. Over the years, GHX has enabled significant cost savings for the industry and continues to innovate with intelligent automation and AI-driven capabilities.

Website: https://www.ghx.com/

LinkedIn: https://www.linkedin.com/company/ghx/

Job Summary

Provide professional expertise and advise IT and senior leadership in matters relating to technology-related compliance with all applicable laws, regulations, industry standards and corporate compliance requirements. Assess changes in the regulatory, business and technology environment and recommend and implement or guide appropriate changes to IT policies, controls, and processes to address security and technology issues. Manage and coordinate IT audit activities by working with IT leaders, team members, external auditors, regulators, and other organizations that review and assess IT processes and controls. Lead and execute cybersecurity risk management activities include internal compliance and risk management activities as well as third-party vendor security oversight and response to customer security inquiries.

Responsibilities

Provide professional expertise and advise leadership in complying with all applicable laws, regulations, and accreditations, including Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI-DSS), FedRAMP, HITRUST, ISO 27001, and EU General Data Protection Regulation (GDPR).

Facilitate, oversee, and provide point of contact for all IT audits, assessments, and other reviews of processes and technology. Work with teams to coordinate schedules for activity. Work with IT teams to deliver requested evidence, documentation, conduct interviews, walk through processes, test controls, and negotiate issues. Manage and monitor development and execution of action plans by reviewing and evaluating reports for trends, working with leadership to prioritize findings, and track progress toward agreed upon timeframes. Ensure issues are appropriately documented, relevant, and understood.

Perform IT risk and controls assurance assessments of internal and third-party technology-related processes and solutions, working with IT leaders, security architects, Procurement, and other subject matter experts.

Perform recurring assessments of information security and technology functions to measure maturity against industry standard baselines, identifying improvement areas, registering risks, and assisting with action plans to move processes to a higher level of maturity.

Develop and maintain operational metrics to ensure information security and technology risk and the performance of the IT risk and compliance program is measured sufficiently to enable success.

Mentor and coach team members through risk assessments, including scoping of an assessment, resolving conflict, and prioritization of issues. Perform peer review of work product and deliverables.

Continuously look to optimize processes, technology and capabilities through tactical and strategic development.

Other duties as assigned.

Knowledge and Skills

Strong analytical skills

Demonstration of ability to solve problems using best practices and systematic approach

Relationship builder; able to create and maintain a trusted network on all levels

Good communication, influencing and negotiating skills

Written and oral communication skills including the ability to communicate complex technical issues to non-technical staff

Project management and organizational skills

Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor

Required Experience

5–8 years direct experience with information security, IT controls assurance and IT audit facilitation

Working knowledge of industry standards such as NIST Cybersecurity Framework, FedRAMP, NIST SP 800-53, ISO 27001, Sarbanes-Oxley, SOC1, SOC2, HIPAA, HITRUST and other similar frameworks

Preferred Experience

Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment

Understanding of attack vectors and methodologies

Ability to weigh business risks and enforce appropriate information security measures

CISSP, CISM, CISA, CCSA or equivalent certification preferred

Proficient in the use of Microsoft Office (Excel and PowerPoint), Power BI and Power Automate

Apply for this role →

← Back to all crypto jobs