Remote: Risk Analyst, Cyber Security

IntePros is seeking a Risk Analyst to join our global healthcare services client. This person will conduct security assessments, monitor compliance with security policies by reviewing violation reports and investigating exceptions, and maintain documentation of security controls. Additionally, they will collaborate with third parties and internal departments to facilitate risk analysis and management processes. They will play a crucial role in communicating and educating both IT and business stakeholders on security policies and industry standards to address enterprise and business security challenges. They will focus on developing and driving security strategies, policies, and standards, ensuring the effectiveness of solutions, and providing security-focused consultative services to the organization. T They also communicate and educate IT and business units on security policies and industry standards while providing solutions for enterprise and business security issues.

Primary Duties And Responsibilities

• Manages and performs regulatory and security assessments on various business units across the company.
• Provides strategic and tactical suggestions and consultation on information security policies, procedures, and standards, as well as compliance.
• Participates in security planning and analyst activities.
• Monitors compliance with security policies, standards, guidelines, and procedures.
• Assists in the development of processes and procedures for the information security governance program, including control document reviews, participant assessment preparation, meeting coordination, assessment finding mediation, assisting control owners with remediation plan development, tracking findings through remediation, progress monitoring, reporting, and escalation.
• May engage directly with the business to gather a full understanding of risk scope and business requirements.
• Works with customers to identify security requirements using methods that may include risk and business impact assessments.
• Works directly with customers, third parties, and other internal departments and organizations to facilitate information security risk analysis and risk management processes and to identify acceptable levels of residual risk.
• Participates in the continued improvements of a Global Risk Framework.
• Reviews risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.
• Monitors risk mitigation and coordinates policy and controls to ensure that other managers are taking effective remediation steps.
• Assists, performs, or leads the security assessments and performs security attestations.
• Leads and reviews application security risk assessments for new or updated internal or third-party applications.
• Maintains contact with vendors regarding security system updates and technical support of security products.
• Interfaces with business and IT leaders, communicating security issues and responding to requests for assistance and information.
• Conducts knowledge transfer training sessions to the security operations team upon technology implementation.
• Provides ongoing knowledge transfer to team members and clients on security products and standards.
• Mentors less-experienced team members.
• Performs related duties as assigned.
  
  

Experience And Educational Requirements

• Bachelor's Degree in Computer Science, Information Systems, or other related field, or equivalent work experience.
• Typically requires 5-7 years of combined IT and security work experience with a broad range of exposure to systems analysis, application development, and systems administration, along with 2-3 years of experience with IT security and Cyber Risk Management.
• Experience designing and implementing security solutions.
  
  

Minimum Skills, Knowledge, And Ability Requirements

• Requires in-depth knowledge of security issues, techniques, and implications across all existing computer platforms.
• Strong computer skills in order to operate effectively with company systems and programs; working knowledge of applicable computer applications used at ABC.
• Working knowledge of network solutions and systems.
• Good analytical and problem-solving skills.
• Ability to communicate effectively both orally and in writing.
• Good interpersonal skills.
• Ability to prioritize workload and consistently meet deadlines.
• Strong organizational skills; attention to detail.
• Ability to communicate effectively with both technical and non-technical leaders.
• Able to identify potential risks and propose solutions.
• Understands Information Security as it relates to the business and other areas of IT; understands direct impacts and risks.
• Demonstrated sound understanding of at least two of the following standards: ISO 27001/27002, COBIT, ITIL, NIST, and PCI.
• Certification in at least one Information Security relevant area such as Audit (CISA), Security Management (CISM), Security Professional (CISSP), with business experience in a matrix organization required.
• Directly applicable international/global experience desired.