IT Risk Analyst, Remote, NC-Remote, United States

Intellibee

United States

Remote

USD 80,000 - 120,000

Full time

7 days ago

Job summary

An established industry player is seeking a Senior Information Security Risk Analyst to lead its annual enterprise security risk assessment. This role involves ensuring compliance with industry-standard frameworks such as NIST and HIPAA, while also preparing for HITRUST certification. The ideal candidate will possess extensive experience in IT risk management and cybersecurity, demonstrating strong communication skills to engage with both technical and executive audiences. Join a forward-thinking organization where your expertise will significantly contribute to enhancing security governance and risk mitigation efforts.

Qualifications

  • 5+ years of experience in IT risk management and cybersecurity.
  • Knowledge of NIST SP 800-30 and NIST SP 800-53 Rev. 5 frameworks.
  • Experience with HITRUST CSF alignment and certification preparation.

Responsibilities

  • Lead annual enterprise security risk assessment using industry-standard frameworks.
  • Build and maintain a comprehensive risk register with mitigation plans.
  • Collaborate with stakeholders to validate findings and support governance efforts.

Skills

IT risk management
cybersecurity
information security assessment
NIST SP 800-30
NIST SP 800-53 Rev. 5
NIST Privacy Framework
HIPAA Security and Privacy Rules
HITRUST CSF alignment
strong communication skills

Job description

Technical Specialist, Information Security Risk Analyst - Senior

  • The North Carolina Health Information Exchange Authority is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
  • This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions NC HIEA for future HITRUST certification.
  • Plan and conduct NC HIEA’s annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
  • Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
  • Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
  • Develop and deliver documentation, dashboards, and executive summaries.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.

Skill Matrix:

  • Experience in IT risk management, cybersecurity, or information security assessment. (Highly desired, 5 years)
  • Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. (Highly desired, 5 years)
  • Experience performing security and privacy risk assessments with documentation aligned to federal and state standards. (Highly desired, 5 years)
  • Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. (Highly desired, 5 years)
  • Experience with HITRUST CSF alignment or certification preparation. (Highly desired, 5 years)
  • Strong written and verbal communication skills for technical and executive audiences. (Highly desired, 5 years)