Hello,
We have an immediate requirement for HEALTHCARE IT SECURITY RISK ANALYST, let me know if you have any consultant’s available.
TITLE: HEALTHCARE IT SECURITY RISK ANALYST
LOCATION: NYC
CLIENT: HHC
JOB SUMMARY:
The IT Security Risk Analyst will work under the supervision of EITS Security and Operational Risk Management leadership to identify, rate, and track risks to enterprise information systems. This role will be responsible for assisting in four key strategic areas: 1) Conduct risk assessments of information systems at various HHC facilities following the organization’s risk management framework. 2) Establish a cyclical collection of key performance indicator data for analysis and reporting. 3) Assist HHC regional security staff in the implementation of surveys, interviews, inspections and reviews associated with HIPAA risk assessments. 4) Assist management to develop monthly and quarterly risk management reports.
The incumbent will be expected to have familiarity with Healthcare IT and related HIPAA regulatory requirements. Strong communications skills, written and spoken, are needed in order to conduct face-to-face interviews, inspect facilities, and communicate regulatory requirements. A general technology background will be necessary to read and understand IT process diagrams and procedures, document findings, and research potential solutions. Familiarity with risk management methodologies such as NIST, COBIT and ISO will be needed as well as an understanding of technology risks and compliance concepts. The role is not focused on the technical or engineering side of IT Security, but its governance and administration as well as monitoring its compliance with relevant Health IT legal and regulatory obligations.
PRINCIPAL DUTIES AND RESPONSIBILITIES:
Working under the supervision of Security and Operational Risk Management leadership:
• Conduct various ongoing risk assessments throughout the organization following a documented risk management work plan. Travels to various HHC facilities within the NYC area as necessary.
• Conduct monthly and quarterly reviews of all reported risk incidents, perform root cause analysis, document impacts, evaluate control effectiveness, develop remediation plans, and communication lessons learned.
• Update the IT Security and Risk Management Risk Registry as operational, IT, regulatory, security, and project risks identified by various stakeholders throughout the organization.
• Provide support during internal and external audits.
• Participate in team projects related to IT Security and Risk Management as needed.
• Assist in the administration and maintenance of the IT Security and Risk Management reports.
• Perform other related duties as assigned.
QUALIFICATIONS / EXPERIENCE:
• Bachelor’s degree in Computer Science, Information Systems or Management.
• 3-5 years of experience in the Information Technology field. Must have at least 2 years of experience in Information Security, IT Audit or Risk Management in a large organization.
• Experience in Healthcare IT highly desirable.
• Familiarity with IT security frameworks such as COBIT, HIPAA, ITIL, NIST, ISO.
• Experience writing IT Security policies, guidelines and procedures.
• Understanding of ISACA’s IT Governance, IT Control Environments, and Risk Assessments highly desirable.
• Experience using MS-Excel, pivot tables and analyzing data / charting needed.
• Strong verbal, reading, writing and presentation skills needed.
• CISA, CISM, CISSP, CBCP, CRISC desirable, but not required
Thanks and regards,
Avinash
Senior Talent Acquisition Specialist
Phone: (732) 283-2647 Ext 150 Email: avinash@systemedge.com
an E-Verify Employer
MBE Certified | SBE Certified – State of New Jersey, State of New York, State of Pennsylvania
