Information Security Risk Analyst (REMOTE)

Job Title: Information Security Risk Analyst (REMOTE)

Location: Raleigh, NC

Duration: 12+ Months

Job Description:

The Client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.

This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, & positions the client for future HITRUST certification. Plan and conduct the client annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.

• Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
• Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
• Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
• Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
• Develop and deliver documentation, dashboards, and executive summaries.
• Collaborate with internal stakeholders to validate findings and support security governance efforts.

Skills:

• Experience in IT risk management, cybersecurity, or information security assessment.-Highly Desired-5-Years
• Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework.-Highly Desired-5-Years
• Experience performing security and privacy risk assessments with documentation aligned to federal and state standards.-Highly Desired-5-Years
• Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains.-Highly Desired-5-Years
• Experience with HITRUST CSF alignment or certification preparation.-Highly Desired-5-Years
• Strong written and verbal communication skills for technical and executive audiences.-Highly Desired-5-Years