EITS Security Risk Analyst B (Engagement)--Remote Job
Job43 – EITS Security Risk Analyst B (Engagement) Location: 100% Remote Max Submissions: 5 Proposed Start Date: ASAP Proposed End Date: 06/30/2026 Role Overview
- Serve as a liaison between the CISO’s strategic initiatives and the IT operational teams.
- Translate business IT risk requirements into technical control specifications.
- Develop risk metrics for performance measurement and reporting.
- Coordinate enterprise-level security and risk management efforts.
- Act as a subject matter expert (SME) on information security and regulatory compliance.
Key Responsibilities
Security & Risk Management
- Maintain and enforce the enterprise information security and risk management framework.
- Conduct risk analysis and develop mitigation strategies.
- Monitor and assess the enterprise threat landscape.
- Provide realistic risk reporting to the CISO and leadership teams.
- Track and document internal risk reviews, assessments, and exceptions using a GRC tool.
Governance & Compliance
- Document and maintain risk governance methodologies, policies, and procedures.
- Ensure compliance with:
- HIPAA
- * Joint Commission
- * DSRIP
- * COBIT
- * State privacy laws
- Conduct and support internal and external audits (operational, compliance, reputational, security).
- Serve as SME for EMR and PHI-related security risks.
Risk Assessments & Gap Analysis
- Perform enterprise security risk assessments and gap analyses for new technologies and products.
- Develop and manage risk remediation plans and work plans.
- Identify information asset owners for data classification initiatives.
- Support risk exception and risk acceptance documentation processes.
Technical & Cross-Functional Collaboration
- Partner with enterprise architecture teams to align business, technical, and security requirements.
- Collaborate with security engineering teams to implement security controls.
- Facilitate meetings between stakeholders and IT teams.
- Provide written and verbal reports to leadership and committees (including Operational Risk Committee).
Required Qualifications
Experience
- Minimum 7 years of IT experience
- At least 5 years in IT Security Risk Management / Risk Audit / Data Privacy Investigation
- Minimum 2 years in a supervisory capacity
Healthcare Industry Expertise (Required)
- Strong understanding of:
- EMR systems
- * PHI data privacy
- * Healthcare regulatory environment
- Experience with HIPAA, Joint Commission, CMS regulations
GRC & Security Framework Knowledge
- Hands-on experience with GRC tools (ServiceNow, Archer, MetricStream preferred)
- Working knowledge of:
- NIST CSF
- * HITECH
- * ISO 27001/27002
- * PCI DSS
- * COBIT
Technical Skills
- Experience reviewing IT solution requirements and implementing security controls
- Strong analytical and risk assessment skills
- Ability to design compensating controls for security vulnerabilities
- Ability to assess business impact of security tools and policies
Education & Certifications
- Bachelor’s degree in Information Systems or related field
- Preferred Certifications:
- CISSP
- * CISA
- * CRISC
- * Other relevant security certifications
Preferred Soft Skills
- High integrity and ability to work independently
- Strong communication and reporting skills
- Ability to work in fast-moving environments
- Experience participating in special projects
- Ability to support various locations and flexible shifts if required
Thanks & Regards Bhanu Prakash DeltaSoft Solutions [email protected] Apply tot his job Apply To this Job