Information Security Risk Analyst

USD70 - USD78
Contract - W2

Job Details

job summary:

Information Security Risk Analyst (Contract)

Overview

A state health information exchange authority is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment. This critical role will ensure compliance with industry-standard frameworks, support proactive risk mitigation, and position the organization for future HITRUST certification.


Primary Responsibilities

Risk Assessment Planning and Execution

  • Plan, schedule, and conduct the annual enterprise security risk assessment
  • Apply industry-standard methodologies including NIST SP 800-30, ISO 27005, or FAIR
  • Coordinate with technical teams and business units to gather necessary information
  • Document existing controls and identify control gaps

Regulatory and Standards Compliance

  • Ensure full alignment with NIST SP 800-53 Revision 5 control families, including:
    • Risk Assessment (RA)
    • Access Control (AC)
    • System and Communications Protection (SC)
    • Incident Response (IR)
    • Additional applicable control families
  • Incorporate privacy-focused frameworks:
    • NIST Privacy Framework requirements
    • NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL)

Risk Management

  • Build and maintain a comprehensive risk register documenting all identified risks
  • Develop detailed treatment plans for each identified risk (mitigation, transfer, acceptance, or avoidance)
  • Prioritize risks based on potential impact and likelihood
  • Map identified risks and mitigation efforts to HITRUST CSF control domains to support future certification efforts

Reporting and Stakeholder Communication

  • Develop and deliver comprehensive documentation of assessment findings
  • Create executive dashboards and summaries for leadership review
  • Present findings to technical and non-technical stakeholders
  • Collaborate with internal teams to validate findings and gain consensus
  • Support security governance efforts through clear communication



location: Raleigh, North Carolina

job type: Contract

salary: $70 - 78 per hour

work hours: 8am to 5pm

education: Bachelors



qualifications:

Qualifications

Required Skills and Experience

  • Proven experience conducting enterprise security risk assessments in healthcare or similarly regulated environments
  • In-depth knowledge of NIST SP 800-53, NIST Cybersecurity Framework, and NIST Privacy Framework
  • Experience with risk assessment methodologies (NIST SP 800-30, ISO 27005, or FAIR)
  • Familiarity with HITRUST CSF and certification requirements
  • Strong analytical skills with the ability to translate technical findings into business impact
  • Excellent communication skills and experience presenting to executive audiences
  • Experience creating and managing risk registers and treatment plans

Preferred Qualifications

  • Relevant certifications (CISSP, CISA, CRISC, CISM, or similar)
  • Prior experience with healthcare information exchanges or protected health information
  • Knowledge of healthcare compliance requirements (HIPAA, HITECH)
  • Experience with risk management tools and GRC platforms





Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.

At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact

Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including health, an incentive and recognition program, and 401K contribution (all benefits are based on eligibility).

This posting is open for thirty (30) days.


It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.



Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.