Cyber Risk & Compliance Analyst - REMOTE

REMOTE, TX 00000

Category: Security Job Number: 21546

Job Description

The Cyber Risk & Compliance Analyst is an individual with solid hands-on
understanding and experience of information security, IT governance, risk
assessment, and compliance. This position provides organizational support for
identifying, reporting, and managing remediation activities for key risks within the
organization, ensuring that controls and activities are aligned with overall organization risk strategy. 

The person assists the security team in improving security measures and the user awareness program, maintaining and enforcing security policies, and ensuring compliance. Responsibilities include, but are not limited to, coordinating third-party vendor risk assessments, performing gap analysis across the organization, evaluating and maintaining relevant controls and metrics, and supporting the ongoing development, maintenance, and enforcement of security policies and standards.

Essential Duties and Responsibilities
Under the guidance of the organization's CISO and in collaboration with the organization's Cyber Risk & Compliance Program Manager, work with the team to provide vision and guidelines aligned with applicable regulations and cybersecurity frameworks (e.g., HIPAA, PCI DSS, NIST SP 800 series).

Assist with internal and external audit processes for relevant compliance matters, including but not limited to SOC 2, HIPAA, and HITRUST.

Collaborate to develop and implement appropriate policies, procedures, and
reporting metrics to ensure the security controls and compliance requirements are met.

Assist with designing, deploying, and maintaining the organization's GRC platform.

Help lead and define the organization's overall third-party risk management efforts.

Assist in designing, testing, and executing the company's security incident
response and BC/DR plans.

Participate in internal and external security audits and risk analysis to identify
weaknesses, assess the effectiveness of existing controls, and recommend remedial actions.

Stay current with the latest security news, threats, and applicable
regulations.

Respond to internal users’ security questions/concerns, external audit requests,
customers’ assessments, and appropriate compliance requirements.

Write technical reports as needed to communicate applicable security incidents
and/or potential risks.

Work individually and in a team environment. Multitask and use time efficiently to
meet project/task deadlines in a fast-paced environment.

Required Education, Experience, Skills and Abilities
• University degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
• Minimum of 2-3 years of experience in Information Security, IT Security, and/or IT Risk Management
• Proven experience in governance, risk management, and compliance within the
cybersecurity realm
• Demonstrated technical skills in conducting gap analysis regarding baseline security standards
• Experience in utilizing, managing, and maintaining a commercially available GRC platform
• Knowledge of cybersecurity frameworks and relevant regulatory requirements
• Ability to develop and/or modify policies and procedures in compliance with relevant regulatory requirements and management objectives
• Understanding of IP networking, data centers, IT systems, applications, and databases
• High level of personal integrity and ability to professionally handle confidential
matters
• Capable of acting calmly and managing incidents under high pressure and stress
• Capable of multitasking in a fast paced, multifaceted environment
• Ability to work well with customers, peers, and management
• Demonstrated organizational, facilitation, presentation, and project management
skills with excellent written and verbal communication skills at all levels
• Proficient with Microsoft Office Suite and Office 365 (e.g., Teams, SharePoint)

Preferred Education, Experience, Skills and Abilities
• Bachelor’s degree in Information Security, Computer Science, Computer Engineering, Information Technology (or equivalent of education and work experience)
• 3-5 years of experience in Information Security, IT Security, and/or IT Risk
Management
• Demonstrated experience with cybersecurity frameworks, such as the NIST SP 800 series and ISO/IEC 27001/27002
• Demonstrated experience with and knowledge of relevant regulatory requirements, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Data Security Standard (PCI DSS)
• Previous working experience in healthcare environments
• Knowledge and experience in information security and privacy laws, general
electronic health information access, release of information, and release control
technologies
• CISM, CISA, CRISC, CGEIT certifications are a plus
This role is to be filled outside the states of California and Colorado.

 

#LI-JC2

 

Job Requirements

HITRUST, OneTrust, HIPAA, Risk and Compliance, Risk, Compliance, GRC
