Overview:
The Information Security Risk Analyst is responsible for maintaining awareness of the security state of information systems on an ongoing basis and providing essential information to senior leaders to facilitate decisions regarding risk to organizational operations, assets, and individuals.
The Information Security Risk Analyst develops, documents and maintains the procedures Novant Health leverages to evaluate the significance of risks identified during risk assessments, the acceptable risk mitigation measures Novant Health employs to address identified risks, the level of risk Novant Health plans to accept (i.e., risk tolerance), how Novant Health monitors risk on an ongoing basis, and the type of oversight Novant Health uses to ensure that the risk management strategy is being effectively carried out.
The Information Security Risk Analyst ensures that managing information system-related security risks is consistent with the organization's mission/business objectives and overall risk strategy established by senior leadership.
At Novant Health, one of our core values is diversity and inclusion. By engaging the strengths and talents of each team member, we ensure a strong organization capable of providing remarkable healthcare to our patients, families and communities. Therefore, we invite applicants from all group dynamics to apply to our exciting career opportunities.
Responsibilities:
It is the responsibility of every Novant Health team member to deliver the most remarkable patient experience in every dimension, every time.
* Our team members are part of an environment that fosters teamwork, team member engagement and community involvement.
* The successful team member has a commitment to leveraging diversity and inclusion in support of quality care.
* All Novant Health team members are responsible for fostering a safe patient environment driven by the principles of "First Do No Harm".
Qualifications:
* Education: 4-year / Bachelor's degree required.
* Experience: Minimum of five years in information security risk analysis / information security required.
* Licensure/Certification: (CISSP or HCISPP) and (CRISC) and (CompTIA Security+ or CompTIA Healthcare IT Tech), or CRISC, or equivalent. Three certifications required.
* Additional skills required:
  * Advanced knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  * Intermediate knowledge of national laws, regulations, policies, and ethics as they relate to cybersecurity.
  * Advanced knowledge of cybersecurity principles.
  * Intermediate knowledge of cyber threats and vulnerabilities.
  * Basic knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open source tools, and their capabilities.
  * Intermediate knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
  * Advanced knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
  * Advanced knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts and capabilities.
  * Intermediate knowledge of new and emerging information technology (IT) and cybersecurity technologies.
  * Advanced knowledge of the organization's enterprise information technology (IT) goals and objectives.
  * Advanced knowledge of the organization's core business/mission processes.
  * Intermediate knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards.
  * Intermediate knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), U.S. statutes (e.g., Titles 10, 18, 32, 50 of the U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to the work performed.
  * Basic knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
  * Advanced skill in evaluating the trustworthiness of a supplier and/or product.
  * Intermediate knowledge of relevant laws, policies, procedures, or governance related to work impacting critical infrastructure.
  * Advanced knowledge of information classification programs and procedures for information loss.
  * Advanced interpersonal communication skills, both written and oral, with the ability to communicate effectively to technical and non-technical audiences.
  * Advanced technical writing skills.
  * Advanced skill with the MS Office suite of tools and SharePoint.
  * Advanced attention to detail and organizational skills.
  * Advanced analysis and critical thinking skills.
  * Ability to develop productive working relationships with business and technical groups.
  * Ability to effectively prioritize multiple responsibilities.
  * Ability to take direction as well as work with a high degree of independence.
  * Ability to work as a member of a team.
  * Ability to drive/travel to multiple locations/facilities as needed.
* Additional skills preferred:
  * Basic knowledge of information security architecture principles.
  * Basic knowledge of incident response methodologies.
  * Basic knowledge of security tools (IDS, FIM, vulnerability scanners, SIEM, forensics, network mapping, penetration testing, encryption, etc.).
  * Basic knowledge of penetration testing methods (e.g., black-box, white-box).
  * Basic knowledge of systems testing and evaluation methods (e.g., unit testing, integration testing, regression testing).