Information Risk Analyst
$90,000 - $115,000
Information Risk Analyst needed for a direct hire in Melville, NY.
Our client is a growing healthcare network with over a dozen hospitals. Specializing in areas such as cancer treatment, women's health, and cardiovascular services, our client presents a great opportunity for all those employed.
- Collaborates with IT Security management in the development of enterprise Security assessment tools and policy and procedures.
- Performs vulnerability assessments as assigned utilizing I.T. Security tools and methodologies.
- Summarizes risk posture across the Health System or within specific business units.
- Identifies opportunities to reduce risk within the Health System, detects and remediates vulnerabilities and ensures compliance and audit readiness.
- Makes recommendations for corrective action and documents management decisions regarding acceptance or mitigation of risk scenarios.
- Facilitates and monitors performance and compliance of risk remediation tasks. Reports on findings.
- Liaises with Health System's partners and vendors regarding the security maintenance of their systems and applications.
- Creates and presents changes related to risk mitigation to Change Authorization Board, as needed.
- Provides weekly updates on project status, including outstanding issues.
- Participates in the development of 'security awareness' education and training, as necessary.
High School Diploma or equivalent, required; Bachelor's Degree in Information Security or Audit or related field, highly preferred
Experience & Skills Required
- Minimum of eight (8) years progressively responsible information technology risk management experience, required
- Minimum of five (5) years progressively responsible information security assessment or audit experience, required. Healthcare environment preferred
- Certified in at least one of the following: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Security+, Global Information Assurance Certification (GIAC) or related certification, required
- Thorough knowledge and understanding of current information risk assessment techniques, required.
- Familiarity with Federal and State compliance regulations including HIPAA, PCI-DSS and Meaningful Use, required
- Strong interpersonal and communication skills and the ability to work with all levels of management, required