Reporting to the IS Risk Manager, the IS Associate Risk Analyst will assist with the information security risk assessment program through active engagement with business owners including data gathering, analysis, and reporting.
Under the direction of the IS Risk Manager, the IS Associate Risk Analyst will be responsible for assisting in establishing, documenting, and executing a risk assessment and treatment process for ensuring that organizational departments and third-parties meet our client's expectations for protecting data.
The IS Associate Risk Analyst will assist with information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business and operational applications, and systems across the organization.
Executes the day-to-day operational responsibilities and activities of the Security Awareness Program, including developing content for and delivering through a variety of communications vehicles;
Executes the day-to-day operational responsibilities and activities of the Security Training Program, including development and delivery of training materials;
Develops and delivers ad-hoc Information Security communications to the workforce;
Assists with developing, deploying, and maintaining an objective risk assessment methodology for threat, compliance, risk identification, prioritization, and relative comparison of information security and compliance risks;
Evaluates and audits internal controls to ensure compliance with authoritative obligations;
Evaluates and assists with identifying information security requirements and/or recommendations to reduce risk using guidance from policy, standards, best practices, and knowledge of the threat environment;
Evaluates and ensures compliance of the organization's hardware and software with IS Security policies and industry security standards;
Assists in the execution of third-party risk assessment and treatment process;
Participates, when necessary, in requirement, design, and approach sessions with Office of Information Security team;
Assists with front line response for troubleshooting low-level information security issues as needed;
Assists in research and evaluation of new security products and services;
Researches and stays current on security best practices and technologies, threats and vulnerabilities, and information security related regulations;
Updates and develops risk management processes and submits to the IS Risk Manager for approval;
Determines appropriate security controls necessary to maintain compliance with authoritative obligations. This involves interpretation, risk analysis, and identification of appropriate safeguards to mitigate the risks, and overseeing their implementation;
Assists leadership with information services risk management projects; and
Performs other duties as assigned.
REQUIRED KNOWLEDGE & SKILLS:
Influencing and negotiating
Responsiveness to customers
Developing self and others
Confidence and high integrity
Understanding of information security and privacy concepts and practices
Understanding of information technology concepts and practices
Ability to analyze security risks using a balanced approach and exercising excellent judgment
Ability to communicate effectively
Ability to think and plan creatively and effectively
Ability to understand and assess business risk
Ability to relate with regulators and other external auditors and understand their needs
Ability to maintain professional image and enthusiasm
Ability to operate with great latitude and resourcefulness across multiple cross-functional teams
I. Education: Bachelor's degree or equivalent experience.
II. Experience: 1-3 years of relevant experience.
III. Certification/Licensure: N/A
IV. Software/Hardware: Microsoft Office suite; Meditech.
V. Other: Familiarity with contractual, municipal, state and federal privacy and security requirements, including: HIPAA, HITECH, Omnibus, Meaningful Use, MA-201.CMR.17, MA-93h, MA-93i; Familiarity with best practice Information Security and Risk Management Frameworks, including: ISO-27000, ISO-20000, NIST-SP-800, HITRUST and FIPS/FISMA, COBIT, GIAC