100% REMOTE OPPORTUNITY!!! Our client, a Healthcare Insurance organization, is seeking a Cyber Security Risk Analyst to ensure the organization's data remains protected from inappropriate access, disclosure and/or damage buy assessing, documenting, and socializing risk. Under the supervision of the Manager, Cybersecurity Risk and Compliance, the incumbent-s accountabilities include, but are not limited to the following:
- Support the Cybersecurity Risk Management program providing support and guidance to a team of technically diverse cybersecurity specialists personnel while further supporting collaboration across the various risk related teams in the organization.
- Support continuous monitoring efforts by partnering with TPRM, Procurement, Legal, and key business stakeholders.
- Support the assessment of cybersecurity controls, identify gaps, assist in development of mitigation strategies, and manage them to closure.
- Collaborate with internal and external teams to assess, monitor, and manage risks.
- Work with business teams to conduct thorough assessments to identify potential risks to the organization. This includes evaluating their security practices, data handling procedures, and regulatory compliance (e.g., HIPAA, PCI, GDPR, etc.)
- Represent Cybersecurity from a Cybersecurity Risk Management perspective and execute security risk management leadership through the design and implementation of cybersecurity controls to maintain the confidentiality, integrity and availability of information systems and data.
- Prepare detailed risk assessment reports, clearly articulating findings and recommendations and maintain a comprehensive repository of all risk assessments and associated documentation.
- Conduct risk analyses to ensure consistency in the detailed risk assessment lifecycle inclusive of identification, socialization, mitigation, and closure.
- Design, implement, and integrate security solutions to address enterprise risks and exposures.
- Develop and maintain Information Security Risk Metrics supported by KPIs and KRIs to support the analytics team.
- Test and report on new technologies to address security concerns and work closely with the vulnerability management team on the identified risks.
- Support CareFirst compliance/risk management efforts in support of NIST, FedRAMP, and HIPAA to include but not limited to: external assessment readiness/support, self-assessments, risk assessments, Plans-Of-Action-and-Milestone (POA&M) management, continuous monitoring.
- Education Level: Bachelor's Degree in Computer Science, Cyber Security, Information Technology, or related field is required.
- Experience: 4+ years of relevant cyber security experience, specifically in Risk Management. Must have 3rd party risk assessment (supplier risk) knowledge
- Significant understanding of NIST Risk Management Framework and Information Security Risk Management methodologies including FAIR quantitative model
- Ability to understand, develop, and socialize security policies, standards, and procedures.
- Knowledge of HIPPA / PHI security standards
- Knowledge of cyber security related risk management techniques is required
- Knowledge of network architecture and firewall security
- Understanding of business needs and commitment to delivering high-quality, prompt, and efficient service
** Preferred **
- Experience with Cybersecurity Governance, Risk, and Compliance (eGRC) Programs and Platforms such as Hyper Proof, Archer or ServiceNow GRC
- SOC Reporting / Hitrust knowledge
-Diverse background in off-prem (cloud) platforms
-Cyber Security related certification
-Experience within the healthcare insurance/payor industry
Telecommute
1
Saturday, December 9, 2023
Contract
6 months+
Tuesday, November 12, 2024
Know someone who would be a good fit? We pay for referrals!