Information Security Risk Analyst - Senior

Summary

Join our team as a Senior Information Security Risk Analyst and lead the execution of our annual enterprise security risk assessment. This remote contract role (12+ months) ensures compliance with industry standards, supports proactive risk mitigation, and prepares the client for HITRUST certification. You will plan and conduct the annual assessment using established methodologies (NIST SP 800-30, ISO 27005, or FAIR), ensuring alignment with NIST SP 800-53 Revision 5 and the NIST Privacy Framework. Responsibilities include building and maintaining a risk register, mapping risks to HITRUST CSF, and developing comprehensive documentation. Collaboration with internal stakeholders is crucial for validating findings and supporting security governance. This role requires strong communication skills for both technical and executive audiences.

Requirements

Experience in IT risk management, cybersecurity, or information security assessment

Responsibilities

• Plan and conduct the client annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies
• Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more
• Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL)
• Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance
• Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
• Develop and deliver documentation, dashboards, and executive summaries
• Collaborate with internal stakeholders to validate findings and support security governance efforts

Preferred Qualifications

• Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework
• Experience performing security and privacy risk assessments with documentation aligned to federal and state standards
• Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains
• Experience with HITRUST CSF alignment or certification preparation
• Strong written and verbal communication skills for technical and executive audiences