Cybersecurity Risk Analyst

PatientPoint

πŸ“Remote - United States

Summary

Join PatientPoint as a Cybersecurity Analyst to manage our Risk Management and Compliance (GRC) programs. You will perform IT risk assessments, manage risk registers, oversee risk acceptances and policy exceptions, and support third-party risk management. This role is crucial for enhancing GRC processes, ensuring security framework adherence, and protecting PatientPoint's IT environment. Responsibilities include risk management, compliance and GRC program management, incident response, and audits and assessments. The ideal candidate will have 3+ years of IT experience, 1+ year in IT security with GRC oversight, and strong HIPAA environment experience. Location is Cincinnati or remote.

Requirements

  • 3+ years of professional experience in information technology
  • 1+ years in an IT security role with oversight of GRC processes
  • Strong, practical experience working in a HIPAA environment
  • Hands-on experience with the implementation and management of security frameworks such as ISO 27001, NIST, or CSF
  • Experience with Agile Project Management methodologies
  • Proficiency with ticketing systems such as JIRA or ServiceNow
  • Familiarity with conducting Business Impact Assessments

Responsibilities

  • Perform IT risk assessments and audits, articulating technical risks in terms of business impact
  • Identify critical risks and issues, develop contingency plans, and escalate unresolved matters to senior management
  • Manage risk register items by assigning ownership, tracking progress, and driving remediation efforts
  • Manage the lifecycle of all risk acceptances and policy exceptions
  • Facilitate planning, execution, and reporting of risk assessments and audits to support compliance with security frameworks (CIS, HIPAA, NIST, ISO)
  • Assist in the day-to-day management of the IT GRC program, identifying opportunities for improvement in existing processes and controls
  • Build and manage GRC frameworks and processes
  • Develop vendor assessment standards and processes for third-party technology vendors
  • Participate in cybersecurity incident response activities
  • Assess the impact of incidents and initiate appropriate remediation measures
  • Conduct internal and external audits and assessments to verify adherence to security controls
  • Participate in compliance-related initiatives for HIPAA, NIST, ISO, and similar standards
  • Generate regular reports on the organization’s risk posture and security status
  • Present findings and recommendations to management and stakeholders

Preferred Qualifications

  • Knowledge of GDPR, CCPA, VCDPA, or related privacy laws
  • Security certifications such as CISA, CIA, CISSP, CISM, CEH, or GISP
  • Experience with GRC tools like LogicGate, Lockpath, or OneTrust
  • Strong analytical and problem-solving skills
  • Excellent communication and presentation abilities
  • Proven ability to collaborate effectively across teams and manage multiple priorities

Benefits

  • Competitive compensation
  • Flexible time off to recharge
  • Hybrid work options
  • Mental and emotional wellness resources
  • A 401K plan

This job is filled or no longer available