EITS Security Risk Analyst B (Engagement)--Remote Job
DELTASOFT SOLUTIONS LLC•San Francisco, CA
•Remote
About The Position
Serve as a liaison between the CISO’s strategic initiatives and the IT operational teams. Translate business IT risk requirements into technical control specifications. Develop risk metrics for performance measurement and reporting. Coordinate enterprise-level security and risk management efforts. Act as a subject matter expert (SME) on information security and regulatory compliance.
Requirements
- Minimum 7 years of IT experience
- At least 5 years in IT Security Risk Management / Risk Audit / Data Privacy Investigation
- Minimum 2 years in a supervisory capacity
- Strong understanding of EMR systems
- Strong understanding of PHI data privacy
- Strong understanding of Healthcare regulatory environment
- Experience with HIPAA, Joint Commission, CMS regulations
- Hands-on experience with GRC tools (ServiceNow, Archer, MetricStream preferred)
- Working knowledge of NIST CSF
- Working knowledge of HITECH
- Working knowledge of ISO 27001/27002
- Working knowledge of PCI DSS
- Working knowledge of COBIT
- Experience reviewing IT solution requirements and implementing security controls
- Strong analytical and risk assessment skills
- Ability to design compensating controls for security vulnerabilities
- Ability to assess business impact of security tools and policies
- Bachelor’s degree in Information Systems or related field
Nice To Haves
- CISSP
- CISA
- CRISC
- Other relevant security certifications
- High integrity and ability to work independently
- Strong communication and reporting skills
- Ability to work in fast-moving environments
- Experience participating in special projects
- Ability to support various locations and flexible shifts if required
Responsibilities
- Maintain and enforce the enterprise information security and risk management framework.
- Conduct risk analysis and develop mitigation strategies.
- Monitor and assess the enterprise threat landscape.
- Provide realistic risk reporting to the CISO and leadership teams.
- Track and document internal risk reviews, assessments, and exceptions using a GRC tool.
- Document and maintain risk governance methodologies, policies, and procedures.
- Ensure compliance with HIPAA, Joint Commission, DSRIP, COBIT, and State privacy laws.
- Conduct and support internal and external audits (operational, compliance, reputational, security).
- Serve as SME for EMR and PHI-related security risks.
- Perform enterprise security risk assessments and gap analyses for new technologies and products.
- Develop and manage risk remediation plans and work plans.
- Identify information asset owners for data classification initiatives.
- Support risk exception and risk acceptance documentation processes.
- Partner with enterprise architecture teams to align business, technical, and security requirements.
- Collaborate with security engineering teams to implement security controls.
- Facilitate meetings between stakeholders and IT teams.
- Provide written and verbal reports to leadership and committees (including Operational Risk Committee).
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Senior
