Information Security Risk Analyst - Senior (REMOTE)

Remote: Full Remote

Offer summary

Qualifications:

  • 5+ years of experience in IT risk management, cybersecurity, or information security assessment.
  • Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework.
  • Experience with HIPAA Security and Privacy Rules, and healthcare-specific risk domains.
  • Strong written and verbal communication skills for technical and executive audiences.

Key responsibilities:

  • Lead the execution of the annual enterprise security risk assessment using NIST and ISO methodologies.
  • Build and maintain a comprehensive risk register with treatment plans for risk mitigation.
  • Develop and deliver documentation, dashboards, and executive summaries for stakeholders.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.

Serigor Inc Information Technology & Services SME https://www.serigor.com/

Job description

Job Title: Information Security Risk Analyst - Senior (REMOTE)
Location: Raleigh, NC
Duration: 12+ Months


Job Description:
  • The Client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
  • This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions the client for future HITRUST certification.
  • Plan and conduct the client's annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
  • Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
  • Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
  • Develop and deliver documentation, dashboards, and executive summaries.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.

Skills:
 
| Skill | Required/Desired | Amount of Experience |
|---|---|---|
| Experience in IT risk management, cybersecurity, or information security assessment. | Highly Desired | 5 Years |
| Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. | Highly Desired | 5 Years |
| Experience performing security and privacy risk assessments with documentation aligned to federal and state standards. | Highly Desired | 5 Years |
| Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. | Highly Desired | 5 Years |
| Experience with HITRUST CSF alignment or certification preparation. | Highly Desired | 5 Years |
| Strong written and verbal communication skills for technical and executive audiences. | Highly Desired | 5 Years |

Required profile

Experience

Industry: Information Technology & Services
Spoken language(s): English

Other Skills

  • Communication
