Cybersecurity Risk Analyst

Summary

Join PatientPoint's dynamic team and contribute to improving health outcomes nationwide. As a Cybersecurity Risk Analyst, you will be responsible for identifying, assessing, and mitigating security risks across the organization's data, systems, and operations. This leadership role involves developing risk management strategies, ensuring compliance with security standards, and collaborating with cross-functional teams. You will lead incident response efforts, educate employees on security best practices, and provide executive-level reports on cybersecurity risks. The position requires a Bachelor's or Master's degree in a related field and 5+ years of experience in cybersecurity or IT security. PatientPoint offers competitive pay and benefits, including flexible time off, hybrid work options, and wellness resources.

Requirements

• Bachelor's or Master’s degree in Cybersecurity, Information Technology, Computer Science, or a related field
• 5+ years of experience in cybersecurity, risk management, or IT security
• Hands-on experience in risk assessment methodologies, cybersecurity frameworks, and compliance management
• Familiarity with cloud security, network security, and data protection strategies

Responsibilities

• Identify, analyze, and evaluate cybersecurity risks related to the organization's IT infrastructure, applications, and third-party vendors
• Develop and implement cybersecurity risk management frameworks, policies, and procedures
• Conduct regular security risk assessments, audits, and penetration testing to detect vulnerabilities in collaboration with Cybersecurity team
• Maintain and update risk registers, ensuring timely mitigation of identified risks
• Ensure compliance with industry regulations and frameworks such as NIST, ISO 27001, GDPR, CMMC, HIPAA, or SOC 2
• Develop and enforce policies related to data protection, access control, and risk mitigation
• Conduct internal security audits and prepare for external audits to meet regulatory requirements
• Provide governance support for cybersecurity policies, ensuring alignment with business objectives
• Lead response efforts for security incidents, including investigations, containment, and recovery
• Develop and refine cybersecurity incident response plans (CSIRPs)
• Collaborate with IT and security teams to ensure timely resolution of vulnerabilities
• Conduct post-incident reviews and implement lessons learned to improve security resilience
• Work with IT, compliance, and business teams to integrate cybersecurity risk management into overall business strategies
• Educate and train employees on security best practices, policies, and threat awareness
• Provide executive-level reports on cybersecurity risks, incidents, and mitigation efforts
• Serve as the liaison between the organization and external cybersecurity auditors, vendors, and regulatory agencies
• Stay up to date with emerging cyber threats, vulnerabilities, and industry trends as it relates to organizational risk
• Recommend enhancements to security controls, policies, and procedures

Preferred Qualifications

• CISSP, CISM, CRISC, or CEH certifications
• Strong analytical and problem-solving skills
• Excellent understanding of risk management principles and cybersecurity frameworks
• Proficiency in security tools and technologies
• Effective communication and stakeholder management skills
• Ability to work under pressure and manage multiple security initiatives

Benefits

• Competitive compensation
• Flexible time off to recharge
• Hybrid work options
• Mental and emotional wellness resources
• A 401K plan