Information Security Risk Analyst - Remote

Overview

Remote
$80.7 - $85.7
Contract - W2
Contract - 12 Month(s)

Skills

IT risk management, cybersecurity, or information security assessment
NIST SP 800-30
NIST SP 800-53 Rev. 5
NIST Privacy Framework
ISO 27005
FAIR
Risk Assessment
Access Control
System Communications Protection
Incident Response
privacy control
Authority and Purpose
Accountability, Audit, and Risk Management
Data Quality and Integrity
Data Minimization and Retention
Individual Participation and Redress
Security
Transparency
Use Limitation
security risk assessments
privacy risk assessment
HIPAA
HITRUST CSF
Security and Privacy Rules
treatment plans
mitigation
transfer
acceptance
avoidance
documentation
dashboard
executive summary

Job Details

Title: Information Security Risk Analyst - Remote


Mandatory skills:


IT risk management, cybersecurity, or information security assessment,
NIST SP 800-30, NIST SP 800-53 Rev. 5, NIST Privacy Framework, ISO 27005, FAIR,
Risk Assessment, Access Control, System Communications Protection, Incident Response,
privacy control, Authority and Purpose, Accountability, Audit, and Risk Management, Data Quality and Integrity, Data Minimization and Retention, Individual Participation and Redress, Security, Transparency, Use Limitation,
security risk assessments, privacy risk assessment,
HIPAA, HITRUST CSF, Security and Privacy Rules,
treatment plans, mitigation, transfer, acceptance, avoidance,
documentation, dashboard, executive summary


Description:

The client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.

This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions the client for future HITRUST certification.

Plan and conduct the client's annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
Develop and deliver documentation, dashboards, and executive summaries.
Collaborate with internal stakeholders to validate findings and support security governance efforts.

Required/Desired Skills:

Skill - Required / Desired - Amount of Experience

Experience in IT risk management, cybersecurity, or information security assessment. - Highly desired - 5 Years
Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. - Highly desired - 5 Years
Experience performing security and privacy risk assessments with documentation aligned to client standards. - Highly desired - 5 Years
Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. - Highly desired - 5 Years
Experience with HITRUST CSF alignment or certification preparation. - Highly desired - 5 Years
Strong written and verbal communication skills for technical and executive audiences. - Highly desired - 5 Years

Note:
Remote


VIVA USA is an equal opportunity employer and is committed to maintaining a professional working environment that is free from discrimination and unlawful harassment. The Management, contractors, and staff of VIVA USA shall respect others without regard to race, sex, religion, age, color, creed, national or ethnic origin, physical, mental or sensory disability, marital status, sexual orientation, or status as a Vietnam-era, recently separated veteran, Active war time or campaign badge veteran, Armed forces service medal veteran, or disabled veteran. Please contact us at for any complaints, comments and suggestions.


Contact Details:

VIVA USA INC.
3601 Algonquin Road, Suite 425
Rolling Meadows, IL 60008
