Cyber Security Risk Analyst

We're excited about the potential people bring to our organization. You can grow your career here while enjoying first-class perks, benefits and a culture that fosters growth, innovation and collaboration.

In recognition of the significant risk that third parties bring to Independent Health and its family of companies, the cyber security risk analyst (CSRA) will be responsible for the assessment of the organization's third-party vendors, partners, and suppliers. The CSRA will analyze and evaluate cyber security and privacy risks associated with the supply chain, including but not limited to hardware and software components, third-party services, and data management processes. The analyst will develop risk mitigation strategies and controls, including corrective action plans (CAPs), to ensure the security of the organization's supply chain and collaborate with the procurement, compliance, risk management, legal, and vendor management teams to ensure that cyber security and privacy requirements are included in the organization's contracts with suppliers and third parties. They will monitor and track cyber security risks associated with third parties and Independent Health and its family of companies and provide regular updates to senior management. This position will work with legal and business owners to contribute, review, and implement cyber security and privacy controls into third party and supply chain contracts. They will stay up to date with emerging cyber security threats and trends in the third-party risk industry. This role will also assist in executing our enterprise-wide cyber security risk assessment and fulfillment of internal and external audit, regulatory, and client requests for inquiry on our enterprise cyber security and privacy program.

• High school diploma or GED required. Bachelor’s degree preferred.
• Five (5) years of experience encompassing cyber security, governance, audit, risk management, third-party risk management or internal control assessment.
• Industry recognized certifications within the domain of information security, information technology and privacy (e.g., CISSP, GIAC, CISM, ITIL, CIPP/US, etc.) preferred.
• Knowledge of NIST CSF, ISO 27001/2, HIPAA, HITRUST, SSAE16 (SOC 1 and SOC 2), COBIT, ITIL or other cyber security and privacy frameworks control standards required.
• Experience using, maintaining, and developing governance, risk, and compliance software solutions.
• Able to make independent risk-based decisions with consideration for business and operational goals and constraints.
• Excellent planning and problem-solving skills; must have high attention to detail and quality of work deliverables; must show strong customer service orientation.
• Excellent oral and written communication skills, as well as the ability to convey security, technical and privacy related issues to business audience.
• Ability to work with a team as well as diverse workgroups on prevention, identification, and resolution of privacy and security problems.
• Proven examples of displaying the IH values: Passionate, Caring, Respectful, Trustworthy, Collaborative and Accountable.

• Conduct cyber security and privacy risk assessments of the organization's third-party vendors, partners, and supply chain.
• Analyze and evaluate cyber security and privacy risks associated with the supply chain, including but not limited to hardware and software components, third-party services, and data management processes.
• Develop, make, and implement risk mitigation strategies and controls to ensure the security and privacy of the organization's supply chain.
• Issue and execute CAPs as deemed necessary.
• Develop, implement, and maintain the cybersecurity continuous monitoring program for third party vendors and Independent Health and its family of companies to identify vulnerabilities, gaps, remediation, and maintain acceptable scores.
• Collaborate with procurement, compliance, business continuity and disaster recovery, risk management, finance, and vendor management teams to ensure that cyber security requirements are included in the organization's contracts with suppliers and vendors.
• Monitor and track cyber security risks associated with the supply chain and provide regular updates to business owners and senior management.
• Stay up to date with emerging cyber security threats and trends in the supply chain industry.
• Follow all established processes and procedures in the accomplishment of risk assessment processes.
• Act independently and work through the risk assessment process, solving problems and challenges as they arise.
• Assist in coordinating, reviewing and executing the enterprise cyber security and privacy risk assessment. Analyze risks and develop mitigation plans for evaluation by Chief Information Security Officer (CISO) and cyber security governance committees.
• Coordinate, provide guidance, evidence, and response for audits conducted internally and externally by Internal Audit, clients, and regulators. Ensure timely and accurate fulfilment of these audits.
• Collaborate with the Legal and Vendor Management department to actively contribute decisions for contract design, particularly concerning crucial provisions in vendor risk management.
• Represent Information Risk Office in cross-functional meetings and projects.
• Develop, foster, and mature process efficiencies with the goal of reducing time and effort to perform.

Immigration or work visa sponsorship will not be provided for this position

Hiring Compensation Range: $75,000 - $85,000 annually

Compensation may vary based on factors including but not limited to skills, education, location and experience.

In addition to base compensation, associates may be eligible for a scorecard incentive, full range of benefits and generous paid time off. The base salary range is subject to change and may be modified in the future.

As an Equal Opportunity / Affirmative Action Employer, Independent Health and its affiliates will not discriminate in its employment practices due to an applicant’s race, color, creed, religion, sex (including pregnancy, childbirth or related medical conditions), sexual orientation, gender identity or expression, transgender status, age, national origin, marital status, citizenship and immigration status, physical and mental disability, criminal record, genetic information, predisposition or carrier status, status with respect to receiving public assistance, domestic violence victim status, a disabled, special, recently separated, active duty wartime, campaign badge, Armed Forces service medal veteran, or any other characteristics protected under applicable law. Click here for additional EEO/AAP or Reasonable Accommodation information.

Current Associates must apply internally via the Job Hub app.