About the role

Aplyr's Quick Take

This role is focused on managing compliance and risk assessments related to information security for Delta Dental. You'll work with various teams to ensure that both internal and external audits are completed and that the company meets regulatory requirements. It's primarily an individual contributor role with some collaboration across departments.

Good fit

Ideal candidates have a background in information security or compliance, with a few years of experience in governance, risk, and compliance roles. A detail-oriented, analytical mindset and the ability to work independently while collaborating with others will help you thrive here.

Worth noting

The position is hybrid, which offers some flexibility, but the job requires a strong understanding of various compliance standards like HIPAA and PCI. Be prepared for a workload that involves both technical assessments and administrative tasks related to governance risk compliance.

Job Title:

Information Security Governance Risk and Compliance Analyst

Number of Positions:

Location:

Okemos, MI

Location Specifics:

Hybrid Position

Job Summary:

At Delta Dental of Michigan, Ohio, and Indiana we work to improve oral health through benefit plans, advocacy and community support, and we amplify this mission by investing in initiatives that build healthy, smart, vibrant communities. We are one of the largest dental plan administrators in the country, and are part of the Delta Dental Plans Association, which operates two of the largest dental networks in the nation.

At Delta Dental, we celebrate our All In culture. It’s a mindset, feeling and attitude we wrap around all that we do – from taking charge of our careers, to helping colleagues and lending a hand in the community.

Position Description

Facilitates the timely completion of internal and external systems audits and assessments on behalf of Delta Dental of Michigan and its affiliates. This position will also help with the daily GRC operations.

Primary Job Responsibilities:

Partner across ISS teams, departments, and affiliates to interpret technical requirements and map compliance requirements to control implementation, and maintains an understanding across our products of all current and emerging technologies, open system standards, and management technologies as they relate to the support of our business needs.
Evaluates vendor architectures, data flows, control evidence (SOC reports, pen tests, SIG), and confirming risk treatment for vendor access to sensitive data to support TPRM.
Drives the completion of third-party audits and helps enable company compliance with customer technical requirements, industry standards, and regulatory requirements. Examples include SOC, HITRUST, HIPAA, CMMC, FedRAMP, GovRAMP, NIST, and PCI.
Assist with customer and regulatory risk assessments, audits, attestations, and other security information requests.
Partner closely on security operations tasks with cross-functional teammates in IT, DevOps, Engineering, and Test.
Facilitate technical, operational, and regulatory outcomes across our client portfolio, including continuous monitoring and compliance audits.
Monitor and analyze security risks and metrics to identify trends, correlations, and variances and recommends improvements as needed.
Administers the enterprise GRC platform, including control libraries, evidence workflows, and reporting.
Maintains executive-level reports that provide visibility into key cybersecurity metrics and KPIs.
Facilitates automation for compliance controls, evidence collection, and compliance artifact generation using Sharepoint and Power Automate.
Documents gaps in POA&Ms with root cause, technical remediation steps, measurable milestones, and validation criteria; tracks remediation to closure and re-test control effectiveness.
Analyzes data flow diagrams (DFDs), network diagrams, and solution architectures to confirm trust boundaries, data classifications, encryption paths, and control placement across system components.

Perform other related assigned duties as necessary to complete the Primary Job Responsibilities as described above.

#LI-Hybrid

Minimum Requirements:

Position requires a bachelor’s degree in information technology or related field and three years’ experience in information technology with compliance and security standards and frameworks, including: GDPR, HIPAA, PCI DSS, CIS Benchmarks and NIST frameworks. CCSP, CISSP, CISA, GCSA, GCPN, GPEN, or similar certifications are preferred. Will accept any suitable combination of education, training, and experience.

Position requires demonstrated technical experience implementing and assessing information security and privacy controls aligned with GDPR, HIPAA, PCI DSS, CIS Benchmarks, and NIST frameworks (e.g., NIST SP 800‑53, 800‑171);hands‑on experience in one or more enterprise IT domains, including operating systems, cloud and virtualized platforms, network security, identity and access management, logging and monitoring, or vulnerability management; knowledge of information security principles and practices, GRC solutions, intrusion detection systems, installation, configuration, monitoring and response to security systems, advanced security protocols and standards, software and security architectures, risk management, control techniques and frameworks, planning and project management, regulations, and laws; ability to lead teams; ability to collect and analyze complex data; use data extraction and analysis tools; ability to use active listening skills; and effective verbal and written communication

The company will provide equal employment and advancement opportunity within the context of its unique business environment without regard to race, color, religion, gender, gender identity, gender expression, age, national origin, familial status, citizenship, genetic information, disability, sex, sexual orientation, marital status, pregnancy, height, weight, military status, or any other status protected under federal, state, or local law or ordinance.

Skills & Tags

Aplyr's read

Delta Dental is a non-profit leader in dental insurance, offering diverse roles from compliance to data analysis, attracting professionals dedicated to healthcare innovation.
Synthesized from recent postings & public sources

What's promising

•Strong focus on compliance and regulatory roles ensures robust operational integrity.
•Diverse job opportunities in technology, data analysis, and healthcare compliance.
•Non-profit status allows reinvestment into member services and community health initiatives.

What to watch

•Complex organizational structure with independent member companies may lead to inconsistent experiences.
•Limited public information about career advancement opportunities within the organization.
•Potential challenges in aligning goals across various independent member companies.

Why Delta Dental

•Operates as a non-profit, focusing on community health rather than shareholder profit.
•Extensive network of independent member companies provides wide geographical coverage.
•Specialized focus on dental insurance differentiates it from broader healthcare insurers.

Aplyr’s read is generated by AI from public sources. Was it useful?

About Delta Dental

Delta Dental

deltadental.com

View company

Delta Dental Plans Association is a non-profit organization that provides dental insurance and related services across the United States. It operates through a network of independent member companies, offering a range of dental plans for individuals, families, and employers.