Senior Risk Assessment Analyst

hitrust, iso, cmr, hitech, hipaa, security, procedure, policy, risk assessment
Full Time
$100,000 - $120,000
Work from home not available; travel not required

Job Description

Reporting to the IS Risk Manager, the IS Associate Risk Analyst will assist with the information security risk assessment program through active engagement with business owners including data gathering, analysis, and reporting.

Under the direction of the IS Risk Manager, the IS Associate Risk Analyst will be responsible for assisting in establishing, documenting, and executing a risk assessment and treatment process for ensuring that organizational departments and third parties meet our client's expectations for protecting data.

The IS Associate Risk Analyst will assist with information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business and operational applications, and systems across the organization.


Executes the day-to-day operational responsibilities and activities of the Security Awareness Program, including developing content for and delivering through a variety of communications vehicles;

Executes the day-to-day operational responsibilities and activities of the Security Training Program, including development and delivery of training materials;

Develops and delivers ad-hoc Information Security communications to the workforce;

Assists with developing, deploying, and maintaining an objective risk assessment methodology for threat, compliance, risk identification, prioritization, and relative comparison of information security and compliance risks;

Evaluates and audits internal controls to ensure compliance with authoritative obligations;

Evaluates and assists with identifying information security requirements and/or recommendations to reduce risk using guidance from policy, standards, best practices, and knowledge of the threat environment;

Evaluates and ensures compliance of the organization's hardware and software with IS Security policies and industry security standards;

Assists in the execution of the third-party risk assessment and treatment process;

Participates, when necessary, in requirement, design, and approach sessions with the Office of Information Security team;

Assists with front line response for troubleshooting low-level information security issues as needed;

Assists in research and evaluation of new security products and services;

Researches and stays current on security best practices and technologies, threats and vulnerabilities, and information security related regulations;

Updates and develops risk management processes and submits to the IS Risk Manager for approval;

Determines appropriate security controls necessary to maintain compliance with authoritative obligations. This involves interpretation, risk analysis, and identification of appropriate safeguards to mitigate the risks, and overseeing their implementation;

Assists leadership with information services risk management projects; and

Performs other duties as assigned.


Behavioral Competencies:


Organizational astuteness

Influencing and negotiating

High standards


Responsiveness to customers

Analytical thinking

Developing self and others

Confidence and high integrity

Process improvement



Technical Skills:

Understanding of information security and privacy concepts and practices

Understanding of information technology concepts and practices

Ability to analyze security risks using a balanced approach and exercising excellent judgment skills

Ability to communicate effectively

Ability to think and plan creatively and effectively

Ability to understand and assess business risk

Ability to relate with regulators and other external auditors and understand their needs

Ability to maintain professional image and enthusiasm

Ability to operate with great latitude and resourcefulness across multiple cross-functional teams


I. Education: Bachelor's degree or equivalent experience.

II. Experience: 1-3 years of relevant experience.

III. Certification/Licensure: N/A

IV. Software/Hardware: Microsoft Office suite; Meditech.

V. Other: Familiarity with contractual, municipal, state and federal privacy and security requirements, including: HIPAA, HITECH, Omnibus, Meaningful Use, MA-201.CMR.17, MA-93h, MA-93i; Familiarity with best practice Information Security and Risk Management Frameworks, including: ISO-27000, ISO-20000, NIST-SP-800, HITRUST and FIPS/FISMA, COBIT, GIAC

Posted By

Matt McLaughlin

Dice Id : 10114130
Position Id : 073598
Originally Posted : 2 years ago