Mid Level Security Analyst - MN

Information Security Analyst (Healthcare) - Remote

The Risk & Controls Analyst Senior is responsible for executing and developing processes to ensure IT's compliance with regulatory, industry, and client security requirements. This role involves working with cross-functional teams and management to design and execute the operational processes needed to support the Security Governance, Risk, and Compliance program.

1. Identify security issues and risks, and develop mitigation plans.
2. Architect, design, implement, support, and evaluate security-focused tools and services, including project leadership roles.
3. Develop and interpret security policies and procedures.
4. Participate in security compliance efforts.
5. Develop and deliver training materials and perform security awareness and technology training.
6. Evaluate and recommend new and emerging security products and technologies.

1. Bachelor's degree in a technical field such as computer science, computer engineering, or related field.
2. 10+ years of experience in security engineering, system and network security, authentication, security protocols, cryptography, and application security.
3. Strong experience and detailed technical knowledge in security solutions.
4. Experience in infrastructure or application-level vulnerability testing and auditing.

1. Conduct and lead vendor and system risk assessments.
2. Coordinate responses to client RFPs and assessment requests.
3. Review security language in client and vendor contracts and modify as needed.
4. Review evidence and verify controls are effective and compliant with standards such as HITRUST, SOC 2, HIPAA, and client contracts.
5. Assist in developing and implementing reporting processes and metrics for monitoring risk and controls.
6. Work with IT and auditors to develop and validate audit scope, action plans, and remediation strategies.
7. Perform other duties as assigned.

Contact: DICEcclausen@c4techservices.com