Job Details:
Job Title: Privacy & Info Security Risk Mgmt Analyst II
Location: 100% Remote
Duration: 6+ Months Contract
Notes: Client is looking for someone with a mix of GRC reporting and Remediation, along with Security awareness training.
Description:
• These Principal Accountabilities, Requirements, and Qualifications are not exhaustive, but are merely the most descriptive of the current job.
• Management reserves the right to revise the job description or require that other tasks be performed when the circumstances of the job change.
• change (for example, emergencies, staff changes, workload, or technical development).
Job Accountabilities:
Security Risk Review-Measurement and Reporting:
• Establishes metrics and contributes to the overall plan associated with the security dashboards and scorecards to inform business leaders of information security-related risks.
• Maintains accurate and thorough documentation of all security risk review activities in the governance, risk management, and compliance (GRC) platform.
• Develops and validates recommended corrective action plans for projects, assessments, and other identified risks.
• Advises and guides remediation activities required for risk mitigation, including building and maintaining an inventory of security controls, risks, and control gaps.
• Upholds the confidentiality of all privacy and risk management data.
Security Plans and Consulting:
• Serves as a technical security lead on small, medium, large, and complex projects
• Briefs Information Security teams regarding emerging threats and provides recommendations on technical and administrative controls to mitigate or reduce risk to Client.
• Performs and reviews evaluation of incident activities (cost and resource analysis), including making recommendations for corrective actions and preventative measures.
• Collaborates and leads with engineering and other technical disciplines to integrate security controls to protect client information, services, data, applications, and resources.
Security Training and Awareness:
• Provides security training to staff members through new hire orientation, just-in-time training, and regular department training.
• Acts as an Information Security liaison and subject matter expert working with Privacy and Office of General Counsel (OGC) leadership.
• Researches, develops, and provides technical security training on best practices and risk measurement methods for Ostaffers.
Policies And Procedures:
• Develops, reviews, and revises information security policies, procedures, and standards to reflect regulatory requirements, security best practices, and evolving technologies.
• Demonstrates working knowledge and understanding of privacy and information security risk management best practices and methodologies, specifically the procedures used within the healthcare environment.
• Assists in drafting policies, procedures, and processes to implement new and revised regulations, as needed.
Research And Analysis:
• Conducts technical security-related research and analysis and then translates the results into meaningful input for the Information Security and Risk Management program.
• Helps lead the development of the information security controls framework and controls testing methodologies.
• Ensures the technical accuracy during the researching, outlining, and writing of documentation such as internal publication of white papers, position papers, and other guidance documents.
• Remains technically current on new technologies through reading, seminars, workshops, and vendor information.
Education:
• Equivalent experience will be accepted in lieu of the required degree or diploma.
• Bachelor''s in Business, Computer Science, Engineering, Information Security, Management, Mathematics, Science, Technology, or related field.