Senior Information Security Risk Analyst (HITRUST / NIST / HIPAA)

Job Title: Senior Information Security Risk Analyst (HITRUST / NIST / HIPAA)

Location: Remote

Employment Type: Contract

Experience Required: 10+ Years

Position Overview

We are seeking a highly experienced Senior Information Security Risk Analyst to lead enterprise risk assessment, governance, and compliance initiatives aligned with HITRUST, NIST, and HIPAA frameworks.

This engagement focuses on ensuring alignment with NIST SP 800-53 Rev. 5, conducting risk assessments under NIST SP 800-30, incorporating the NIST Privacy Framework, and positioning the organization for future HITRUST CSF certification.

The ideal candidate will have deep expertise in cybersecurity governance, risk management, and regulatory compliance within highly regulated environments (e.g., healthcare or BFSI).

Key Responsibilities

Risk Assessment & Governance

• Build and maintain a comprehensive enterprise risk register, including treatment plans (mitigation, transfer, acceptance, avoidance).

• Conduct formal risk assessments aligned with NIST SP 800-30.

• Identify and evaluate risks related to data protection, vendor risk, and regulatory compliance.

Framework Alignment & Compliance

• Ensure full alignment with NIST SP 800-53 Rev. 5 control families, including:

  • RA - Risk Assessment

  • AC - Access Control

  • SC - System & Communications Protection

  • IR - Incident Response

  • Additional relevant control domains

• Map risks and mitigation efforts to HITRUST CSF control domains to support future certification readiness.

• Incorporate requirements from the NIST Privacy Framework into governance processes.

• Support and validate HIPAA compliance initiatives.

Documentation & Executive Reporting

• Develop detailed security documentation, dashboards, and executive-level summaries.

• Provide risk posture updates and remediation tracking reports to leadership.

• Maintain audit-ready documentation for regulatory and certification efforts.

Stakeholder & Governance Collaboration

• Collaborate with internal stakeholders across Security, IT, Compliance, and Business units.

• Validate findings, support remediation planning, and strengthen governance controls.

• Provide guidance on vendor risk assessments and third-party risk management.

Required Skills & Qualifications

• 10+ years of experience in Information Security Risk Management / GRC.

• Strong hands-on experience with:

  • HITRUST CSF (including certification readiness and risk mapping)

  • HIPAA compliance requirements

  • NIST SP 800-30 (Risk Assessment)

  • NIST SP 800-53 Rev. 5

  • NIST Privacy Framework

• Experience building and managing enterprise-level risk registers.

• Strong knowledge of cybersecurity governance and vendor risk assessment processes.

• Experience developing executive dashboards and reporting artifacts.

• Excellent communication and stakeholder management skills.

Preferred Experience

• Experience in healthcare or BFSI regulated environments.

• Prior experience supporting HITRUST certification initiatives.

• Familiarity with risk tooling and GRC platforms.

Technical & Functional Skills

Cybersecurity GRC | HITRUST CSF | HIPAA | NIST SP 800-30 | NIST SP 800-53 Rev. 5 | NIST Privacy Framework | Risk Register Management | Vendor Risk Assessment | Security Governance

Key Competencies

• Strong analytical and risk evaluation skills

• Executive-level reporting and communication

• Ability to drive compliance initiatives independently

• Strong governance and regulatory alignment expertise