Senior Information Security Risk Analyst – Perm – Hybrid / New York, NY – $155,000 - $165,000
The end client is unable to sponsor or transfer visas for this position; all parties authorized to work in the US without sponsorship are encouraged to apply.
An American Company is seeking a Senior Information Security Risk Analyst in Hybrid / New York, NY.
Understand the opportunities and challenges facing business, mission, IT, and operational groups and be able to balance institutional risk with business and mission objectives. Design and implement mechanisms to monitor adherence to strategies and policies and take corrective action as needed.
• Act as a SME for end-to-end management of findings from information security assessments of vendors, applications and biomedical devices. Adhere to the NIST Cyber Security Framework, HIPAA and Joint Commission requirements. Make meaningful use of audit findings and purple team/penetration/vulnerability assessment findings.
• Assist in implementing HSS GRC tool.
• Act as a SME for Cyber Security audits performed by external clients.
• Maintain a formal risk register which drives security governance and ensures security funding is aligned with business objectives.
• Develop Key Risk Indicators which highlight top cyber risks for the organization to executive management and the board and Key Performance Indicators that demonstrate success of the security program along with its alignment to NIST and industry best practices.
• Work collaboratively with the other Managers, Directors, CMIO, CIO, Service Line Leads, Steering Committees and other key partners to manage Cyber Security risks.
• Assist in developing and contributing to a formal next generation security education and awareness program that delivers role-based security education, is based on gamification concepts and leads to measurable improvement in building a risk aware culture at all levels. Create and deliver information security concepts in simple and engaging manner through newsletters, social media, blogs, video, new employee orientation, townhalls and in person.
• Work closely with the Project Management Office (PMO) and other IT teams to define security requirements, track issues and concerns, provide solutions, communicate identified vulnerabilities, and identify exceptions to policy. Ensure that PMO policies, procedures, forms, and workflows include appropriate security components so that projects incorporate appropriate risk-management and mitigation techniques and tasks.
Skills & Requirements
• Bachelor’s degree
• 5-7 years of security experience.
• At least 3 years working in a regulated industry (healthcare preferred).
• At least 1-2 years implementing/using a GRC platform. Lockpath is a plus.
• At least 1-2 years dealing with public cloud (AWS/Azure/O365) security and compliance.
• Strong knowledge of frameworks such as NIST Cyber Security Framework, Cloud Security Alliance, Center for Internet Security, COBIT and FedRAMP.
• Working knowledge of HIPAA and HITECH. Strong analytical, problem solving and project management skills.
• Excellent written and verbal communications skills, interpersonal skills. Must possess a high degree of integrity and trust along with the ability to work independently as well as motivate others.
• CISSP, CISM, CRISC, CISA or other similar certifications.
• At least 2 days of being onsite per week (rest is remote work).
• COVID-19 vaccinated.
Education – Required
• Degree/Diploma Obtained: Degree/Diploma from an accredited school is required.
• Program of Study: Computer Information Systems
• Title: CISSP, CISM, CRISC, CISA or other similar certifications.
You will be working with a professional recruiter who has intimate knowledge of the industry and market trends. Your Hays recruiter will lead you through a thorough screening process in order to understand your skills, experience, needs, and drivers. You will also get support on resume writing, interview tips, and career planning, so when there’s a position you really want, you’re fully prepared to get it.
Nervous about an upcoming interview? Unsure how to write a new resume?
Visit the Hays Career Advice section to learn top tips to help you stand out from the crowd when job hunting.
Hays is an Equal Opportunity Employer including disability/veteran.
In accordance with applicable federal and state law protecting qualified individuals with known disabilities, Hays U.S. Corporation will attempt to reasonably accommodate those individuals unless doing so would create an undue hardship on the company. Any qualified applicant or consultant with a disability who requires an accommodation in order to perform the essential functions of the job should call or text 813.336.5570
Drug testing may be required; please contact a recruiter for more information. #1141472