Sr Information Security Risk Analyst

Overview

On Site
$90 - $95
Full Time

Skills

Risk Management
HITRUST
NIST
HIPAA

Job Details

Job Title: Sr Information Security Risk Analyst

Location: Raleigh, NC (Onsite)

Position Overview:

  • This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, & positions NC HIEA for future HITRUST certification.
  • Plan and conduct NC HIEA s annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
  • Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
  • Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
  • Develop and deliver documentation, dashboards, and executive summaries.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.
Required/ Desired Skills
Skill
Years Used
Experience in IT risk management, cybersecurity, or information security assessment.
Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework.
Experience performing security and privacy risk assessments with documentation aligned to federal and state standards
Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains.
Experience with HITRUST CSF alignment or certification preparation
Strong written and verbal communication skills for technical and executive audiences.
Customer service focused.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.