Senior Information Security Analyst – Risk
Atlanta, Georgia 30339
6+ Month Contract
This client is one of the largest and fastest growing health systems across GA. With this, the Governance, Risk and Compliance team at this client has quickly and consistently grown to support the organization’s increased needs. The team is looking for an additional team member to help lead the performance of risk assessments of internal and external applications/solutions, determining the adherence to the company’s policies, standards, and industry best practices. This supplemental support will allow current team members to take on responsibilities associated with a system-wide initiative, allowing for continued operational efficiency during this exciting and dynamic time.
- Bachelor's degree in Information Security or related field required
- In lieu of degree, four (4) years of relevant work experience will be accepted in addition to the experience requirements.
- If no degree, a total of 8 years of experience is required.
- Four (4) or more years of risk assessment experience.
- Four (4) years of experience in Information Security or a closely related field involving Security and regulations (such as HIPAA, PCI-DSS 3.2, ISO 27001, HITRUST, and NIST) with a solid understanding of network security protocols and methodologies. With this, the individual is expected to leverage his/her Information Security Policy experience to assist in the review and maturation of the existing policy to align with industry standard.
- Vendor risk management experience, specifically as it relates to risk assessments and product assessments.
- Skill and ability in Microsoft Office applications.
- Working knowledge of GRC automated tools (e.g. RSAM).
- Proficient in the design and implementation of effective Information Security controls.
- Solid understanding of Information Security & IT controls, Service Organization Controls (SOC), and penetration and vulnerability assessments.
- Demonstrated knowledge of generally known information technology platforms, standards, and software development languages.
- Healthcare experience preferred.
- Strong project management skills with leadership experience in an IT Support Organization preferred.
- Certified in one or more of the following area(s):
  - Certified Information Systems Security Professional (CISSP)
  - Healthcare Certified Information Security and Privacy Professional (HCISPP)
  - GIAC Security Essentials Certified (GSEC)
  - Certified in Risk and Information Systems Control (CRISC)
  - Certified Information Systems Auditor (CISA) or equivalent certification
- Leads the technical enforcement of organizational security policies, through the performance of formal Risk Assessments, department self-audit, internal audit, external audit review, Policy and Governance, and internal Threat Analysis.
- Leads the charge in focusing on the 60-70 backlogged assessments in process.
- Interacts with vendor resources and key stakeholders to ensure assessment completion.
- Performs periodic and on-demand system and risk assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- Develops and communicates Information Security Awareness training documentation and materials.
- Provides reporting and guidance to leadership on corrective action plans of ongoing/past risk assessments, audit initiatives, or product/process improvements.
- Liaises with other teams and departments to ensure implementation of corrective actions resulting from risk assessments and audit initiatives.
- Performs detailed analysis of business need, identified IT Security impacts or considerations and translates into secure, viable technical solutions.
- Identifies areas where existing policies and procedures require change and suggests appropriate changes.
- Utilizes automated Governance, Risk and Compliance tools to track artifacts of the risk management lifecycle.
Brooksource provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, national origin, age, sex, citizenship, disability, genetic information, gender, sexual orientation, gender identity, marital status, amnesty or status as a covered veteran in accordance with applicable federal, state, and local laws.