Security risk analyst Job at Stellar IT Solution, New York, NY

YlVFMFVGRXR1ak4xV1pWVmxvTldKRGgvTHc9PQ==
  • Stellar IT Solution
  • New York, NY

Job Description

Submit LOCAL Candidates only.

Onsite/Remote: Onsite

Location: New York, NY

Engagement Length in Months: 6 months

Job Description

The EITS Security Risk Analyst will interface between the CISO's strategic and process-based activities and the work of the technology-focused analysts, engineers and administrators in the IT organization. The Security Risk Analyst must be able to translate the IT-risk requirements and constraints of the business into technical control requirements and specifications, as well as develop metrics for ongoing performance measurement and reporting. The Security Risk Analyst coordinates the IT organization's technical activities to implement and manage security.

The EITS Security Risk Analyst is part of the Enterprise Information Technology Services, Information Security and Risk Management team and will work at an enterprise level to ensure a consistent delivery of information security and risk management services. This individual will act as a subject matter expert to the assigned business units on matters regarding information security and compliance with HIPAA, Joint Commission, DSRIP, COBIT, and state privacy laws.

General Tasks and Responsibilities Will Include:

Support Information Security and Risk Management by maintaining and enforcing the Information Security and risk management framework/methodology, including execution of risk analysis and risk mitigation strategies.

Manage the process of gathering, analyzing and assessing the current and future threat landscape, as well as providing the CISO with a realistic overview of risks and threats in the enterprise environment.

Exhibit best practice risk management skills through effective internal risk controls, risk monitoring, risk assessment and improvement of risk management processes.

Document and maintain the enterprise security risk governance methodology and risk management policy, process, and procedure.

Work with various stakeholders to identify information asset owners to classify data and systems as part of a control framework implementation.

Organize and perform the enterprise security risk assessment and gap analysis for all technologies, products, and functions introduced, including maintaining risk project work plans to measure and manage progress.

Track and document all internal risk reviews, assessments, risk acceptances, and security exceptions in a GRC tool.

Work with the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with IT management to align existing technical installed base and skills with future architectural requirements.

Develop a strong working relationship with the security engineering team to develop and implement controls and configurations aligned with security policies and legal, regulatory and audit requirements

Serve as the information security liaison and subject matter expert for all relevant EMR and PHI related security risk.

Conduct or participate in all relevant audits and risk assessment activities (whether operational risk, legal/compliance risk, reputational risk, or information security risk).

Aid in the planning and execution of risk remediation activities including the identification of practical, cost effective solutions.

Facilitate team meetings between stakeholders, project leaders, and the Information Technology teams.

Attend regular team, management, and project meetings and provide both verbal and written reports to the Leadership Team as required. This may include coordination with and support of an Operational Risk Committee.

Keep informed on current threats and industry regulations.

Knowledgeable In:

Healthcare industry experience required with understanding of EMR systems and data privacy issues related to PHI

Experience with reviewing IT solution requirements and security controls implementation

A strong understanding of the business impact of security tools, technologies and policies.

Knowledge and experience working with a GRC Software tool

Strong working knowledge of HIPAA, Joint Commission, CMS, and other regulatory legislation pertinent to the healthcare industry

Working knowledge of information security frameworks such as NIST CSF, HITECH, ISO27001/27002, PCI DSS and COBIT

Experience in conducting and responding to information security assessments and audits.

Strong analytical skills and the ability to resolve complex security vulnerabilities and design compensating controls

Other Preferred Skills:

Must possess a high degree of integrity and trust along with the ability to work independently

Participate in special projects as needed and perform other duties as assigned

Must be able to work independently as well as work as part of a fast-moving team

Must be able to work at various locations when necessary along with working various shifts

Educational Level:

A bachelor's degree in information systems

CISSP, CISA, CRISC or other relevant security qualification

Years Of Experience:

A minimum of seven years of IT experience, least 5 years dedicated to IT Security Risk Management, Risk Audit/Assessment, and/or Security and/or Data Privacy Investigation least two years in a supervisory capacity.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

Report this job
  • Dice Id: 90962942
  • Position Id: 2024-7825

Job Tags

Contract work, Local area, Remote job, Shift work,

Similar Jobs

PJS of Texas, Inc.

Bilingual Janitorial Project Manager (English/Spanish) Job at PJS of Texas, Inc.

 ...shift. PM21 HP1 Professional Janitorial Service is one of the largest and fastest growing privately owned commercial cleaning companies in Central Texas, San Antonio and El Paso. We pride ourselves in providing high quality cleaning services to many office buildings... 

Amentum

All Source Analysts (Network Analysis) Expert Job at Amentum

 ...This position is to support DIA through the analysis of All Source intelligence. Your fused analysis and assessment will be vital to the decision making of senior leaders to include the DIA Director. You will witness the impact of your analysis indirectly on the battlefield... 

Payarc LLC

Accounts Receivable Specialist Job at Payarc LLC

Description: We are a technology-driven company. We built our business with the purpose of empowering people and improving their organizations, one payment at a time. We started our journey by providing smart and simple payment processing tools and products but...

Vista Prairie Communities

Overnight Resident Assistant Job at Vista Prairie Communities

 ...6am)~$3 Weekends (6am Sat-Mon 5:59am) What you will need: ~ High school diploma or GED is preferred. ~ Must be 16years of age or older. ~ CBRF Certification is required. ~1 year of Resident Assistant experience required. ~ Demonstrated ability to... 

Baxter & Woodman, Inc.

Landscape Architect Job at Baxter & Woodman, Inc.

Your future position: Landscape ArchitectLocation:Katy, Texas or North Houston, Texas (Hybrid work from home/in-office schedule available)Why you should join our team! Why Baxter & Woodman?At Baxter & Woodman, both seasoned professionals and recent graduates find...