Information Security & Risk Analyst, Senior II- Team Lead

About The Position

Requirements

• 4-year Bachelor's degree or Master's degree(preferred)
• 6-10 years of information security audit or compliance experience
• Strong understanding of information security best practices and security frameworks (NIST CSF, ISO 27001, ISO27005, CIS Controls, HITRUST, etc.)
• Knowledge of databases, common operating systems (Windows/Linux), and networking
• CISA, CRISC, CISM, CISSP, CIA, or equivalent information security and audit understanding
• Experience with HIPAA, DOL Information security best practices, international, federal, and state privacy laws
• Knowledge of common security solutions (Firewall, WAF, Vulnerability Scanning, XDR, etc.)
• Fundamental cloud security understanding (Azure and AWS)
• Experience with multi-year control framework implementations

Nice To Haves

• Ability to work with various IT and Business teams to address sensitive topics and risk
• Strong management and business communication skills
• Expertise in project management and prioritization
• Highly motivated team player with a desire to improve the information security program

Responsibilities

• Lead the development, implementation, and maintenance of information security policies, standards, and procedures
• Manage the risk assessment and risk treatment process including maintaining the enterprise risk register
• Ensure alignment with regulatory and industry requirements (HITRUST, HIPAA, HITECH, SOC 2, NIST CSF/800-53, ISO 27001)
• Partner with business units to ensure security and risk considerations are embedded in projects and operations
• Leverage a wide range of technologies to help identify, track, and respond to risk
• Manage and improve the third-party risk management program to control supply chain risk
• Manage the development and implementation of security awareness content and training based on company needs and current and emerging threats
• Provide onboarding training for hired employees and vendors
• Assist with incident and compliance investigations and support incident documentation and reporting
• Partner with IT and business teams on security reviews and adhoc client requests
• Help develop, implement, maintain, and improve policies and procedures consistent with regulatory and business requirements
• Ensure new architecture and business practices meet compliance requirements
• Manage external IT and Information security audits and drive audit findings to closure
• Document and implement control testing procedures in alignment with information security management framework
• Be an active participant in building the Information security program by evaluating and suggesting new solutions and ideas

Benefits

• Competitive pay
• Rich medical, vision and dental benefits with low premiums. One of the top health plans in Utah
• Rich retirement planning: including 401(k) company match, 8% EDRC Employer Discretionary Retirement Contribution (we just give you free money for retirement), life insurance, and full service Financial Planners onsite at no cost
• Generous paid leave plan that starts accruing your first day, your birthday off, additional sick leave and 12 paid holidays
• Award winning wellness program with health coaching, ability to earn 3 additional days off a year, fun activities and an onsite gym.
• Tuition reimbursement
• Career development through company sponsored programs and over 5000 on-demand online training courses.
• Hybrid work schedules available depending on position
• Employee Assistance Program