Information Security Risk Analyst - Intermediate

About the position Responsibilities • Lead and conduct comprehensive information security risk analysis for IT assets, applications, processes, medical devices and third-party vendors. • Evaluate threats and vulnerabilities affecting the confidentiality, integrity, and availability of electronic protected health information (ePHI) and any other confidential or sensitive information, ensuring alignment with HIPAA Security Rule requirements and other applicable regulatory frameworks (e.g., NIST). • Lead and manage risk management initiatives based on analysis of outcomes, including maintaining the organization's risk register and scoring methodology. • Oversee corrective action plans (CAPs), penetration testing results, audit findings, and risk treatment outcomes. • Collaborate with IT partners and key stakeholders to prioritize, implement, and track remediation efforts. • Monitor regulatory changes and industry threats to proactively identify emerging risks, recommend mitigation strategies, and document findings. • Contribute to risk reporting, including executive dashboards, and participate in risk acceptance processes and governance reviews. • Contribute to the development, review, and improvement of cybersecurity policies, standards, and procedures. • Evaluate policy exceptions and assist in documenting decisions for governance committees. • Enhance the organization's cybersecurity awareness and training efforts by communicating risk insights to technical and non-technical audiences. Requirements • Bachelor's degree required in Information Security, Computer Science, Engineering, Information Technology, or a related field; master's degree preferred. • 3+ years of experience in cybersecurity, information security risk management, audit; healthcare industry experience strongly preferred. • Demonstrated experience with risk assessment methodologies, auditing, information security practices, and familiarity with risk management platforms and risk registers. • Strong understanding of regulatory compliance and industry best practices towards maintaining compliance with HIPAA, NIST and other relevant healthcare regulations and standards. • One or more of the following certifications are required or must be obtained within 12 months of hire: CRISC, CISM, CISA or any other applicable certification. • Ability to lead and structure risk assessments with limited supervision. • Ability to manage multiple concurrent assessments and projects in a fast-paced healthcare setting. • Experience preparing both detailed technical risk reports and executive-level summaries, tailored to varied audiences to support informed decision-making and governance oversight. • Ability to build strong cross-functional relationships and collaboration across departments, including IT, Legal, Compliance, Clinical Operations, and Privacy, to support a collaborative approach to risk management and governance. • Strong written and verbal communication and interpersonal skills, including ability to translate technical findings into business-relevant language for leadership audiences. • Experience tracking audit findings, third party vendor risks, and remediation efforts. • Familiarity with security platforms and tools. • Ability to analyze contractual security language to identify risk exposure and recommend controls. • Ability to learn quickly and work effectively in a team environment. • Ability to understand and work with healthcare professionals, educators, and researchers. • Ability to integrate cybersecurity risk management with business operations, healthcare delivery, and IT services. Apply tot his job Apply tot his job