Remote Information Security Risk Analyst - Senior (REMOTE)

Please, let Serigor Inc. know you found this job on RemoteYeah. This helps us grow 🌱.

Description:

  • The Client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
  • This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions the client for future HITRUST certification.
  • The analyst will plan and conduct the client's annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • The role requires ensuring full alignment with NIST SP 800-53 Revision 5, including Risk Assessment (RA), Access Control (AC), System and Communications Protection (SC), Incident Response (IR), and more.
  • The analyst will incorporate the NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families, including AP, AR, DI, DM, IP, SE, TR, and UL.
  • Responsibilities include building and maintaining a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • The analyst will map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
  • Development and delivery of documentation, dashboards, and executive summaries are also required.
  • Collaboration with internal stakeholders to validate findings and support security governance efforts is essential.

Requirements:

  • A minimum of 5 years of experience in IT risk management, cybersecurity, or information security assessment is required.
  • Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and the NIST Privacy Framework is highly desired.
  • Candidates should have at least 5 years of experience performing security and privacy risk assessments with documentation aligned to federal and state standards.
  • Familiarity with HIPAA Security and Privacy Rules, as well as healthcare-specific risk domains, is highly desired.
  • Experience with HITRUST CSF alignment or certification preparation is also required.
  • Strong written and verbal communication skills for technical and executive audiences are essential.

Benefits:

  • This position offers a contract duration of 12+ months.
  • The role is remote, providing flexibility in work location.
  • The opportunity to lead significant security risk assessments and contribute to future HITRUST certification is a key benefit.
  • Collaboration with internal stakeholders allows for professional networking and development within the field of information security.