Security Risk Analyst
Description:
Job Description
Security Risk Analyst
*This is an onsite position
Description:
This engagement ensures compliance with industry-standard frameworks supports proactive risk mitigation positions NC HIEA for future HITRUST certification.
Responsibilities:
Plan and conduct NC HIEAs annual enterprise security risk assessment using NIST SP 800-30 ISO 27005 or FAIR methodologies.
Ensure full alignment with NIST SP 800-53 Revision 5 including: RA Risk Assessment AC Access Control SC System Communications Protection IR Incident Response and more.
Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families AP AR DI DM IP SE TR UL.
Build and maintain a comprehensive risk register with treatment plans for mitigation transfer acceptance or avoidance.
Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
Develop and deliver documentation dashboards and executive summaries.
Collaborate with internal stakeholders to validate findings and support security governance efforts.
Desired Skills/Knowledge/Experience:
Experience in IT risk management, cybersecurity, or information security assessment., Highly desired 5 Years
Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework., Highly desired 5 Years
Experience performing security and privacy risk assessments with documentation aligned to federal and state standards., Highly desired 5 Years
Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains., Highly desired 5 Years
Experience with HITRUST CSF alignment or certification preparation., Highly desired 5 Years
Strong written and verbal communication skills for technical and executive audiences., Highly desired 5 Years
Proper email communication will only be done to and from @astyra.com email addresses. Please ensure you are communicating with approved Astyra recruiters by checking this point when receiving offers and messages from us. Please ensure you are communicating within these guidelines and proper channels for the quickest possible interview consideration!
#AC