Information Security Risk Analyst (GRC) - Hybrid (PA/NJ/DE)

Remote Full-time
IBX is seeking an experienced Information Security Risk Analyst to be the primary owner of cybersecurity risk assessments and our enterprise cyber risk register. You'll collaborate with ISOGRC and Security Operations to identify, assess, and monitor risks; map them to controls; design and execute regular effectiveness testing; and provide clear, actionable reporting on our risk posture to leadership. You will also drive the project risk assessment process end-to-end, working closely with the Project Management Office to keep initiatives moving while ensuring risks are mitigated and documented.

This role is ideal for someone who thrives in a hands-on environment, can independently run a cyber risk management platform, and is comfortable partnering across audit, third-party risk, and security operations in a regulated healthcare environment.

What You'll Do
• Own Project Risk Assessments: Intake project requests from the PMO, facilitate stakeholder meetings, perform risk analysis, document findings, recommend mitigations, and publish deliverables (risk assessment report, control requirements, sign-offs) to enable go/no-go decisions.
• Build & Manage the Risk Register: Establish and maintain an enterprise cyber risk register in LogicGate-define risk taxonomy, scoring methodology, control mapping, and treatment plans; track status and residual risk over time.
• Controls Testing & Assurance: Coordinate and perform control effectiveness reviews, define test plans/criteria, and report test results; partner with SecOps to implement corrective actions and continuous improvement.
• Risk Reporting & Governance: Produce dashboards and executive-level reporting on risk posture, trends, key risk indicators (KRIs), and control performance; prepare materials for governance forums and leadership briefings.
• Cross-Functional Collaboration: Work with Audit (SOC 2, HITRUST, external audits), Third-Party Risk (annual vendor assessments), Privileged Access Certification (bi-annual), and Access/Data Monitoring teams to ensure risk linkage and consistent control coverage.
• Methodology & Process Maturity: Define and refine risk assessment procedures, SLAs, and templates; contribute to NIST CSF maturity assessments and HIPAA Security Risk Assessments; support remediation tracking and verification.
Qualifications:

Required
• 1-3 years in cybersecurity risk management or information security with direct experience performing project/initiative risk assessments and managing risk registers.
• Strong knowledge of IT and security controls (identity/access, privileged access, change/configuration, vulnerability management, endpoint/network security, logging/monitoring, incident response).
• Hands-on experience with a GRC or risk management platform (e.g., LogicGate, Archer, OneTrust, ServiceNow GRC) including workflow design, risk scoring, and reporting.
• Familiarity with healthcare and regulated environments; practical understanding of frameworks and standards such as NIST CSF, HIPAA Security Rule, HITRUST, and SOC 2.
• Proven ability to translate technical risk into business-impact narratives and clear mitigation plans; excellent writing and stakeholder facilitation skills.
• Ability to operate independently, set priorities, and move multiple assessments to completion in a fast-paced environment.
Preferred
• Experience implementing LogicGate (risk taxonomy, controls library, workflows, dashboards).
• Exposure to third-party security risk assessments and integration of vendor risks into enterprise risk register.
• Experience with privileged access governance/certification and evidence collection.
• Certifications: CRISC, CISSP, CISM, CGEIT, HITRUST, CCSK (or equivalent).
• Experience with control testing and audit readiness (SOC 2/HITRUST) and developing KRIs/KPIs.

Hybrid

Independence has implemented a "Hybrid" model which consists of Associates working in the office 3 days a week (Tuesday, Wednesday & Thursday) and remotely 2 days a week (Monday & Friday). This role is designated as a role that fits into the "Hybrid" model. While associates may work remotely on our designated remote days, the work must be performed in the Tri-State Area of Delaware, New Jersey or Pennsylvania.

IBX is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to their age, race, color, religion, sex, national origin, sexual orientation, protected veteran status, or disability.

Must have an Android or iOS device which is compatible with the free Microsoft Authenticator app.

Apply tot his job

Apply To this Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

Registered Nurse RN

Remote

Entry Level Recruiter

Remote

Regional Vice President of Sales

Remote

[Remote] Account Executive, Commercial

Remote

Remote Digital Content Creator – Storytelling, Social Media & Brand Engagement Specialist for arenaflex Entertainment (United States)

Remote

Bilingual Phone Triage Nurse (RN or LPN) (Not Remote)

Remote

Experienced Part-Time Remote Data Entry Operator – Flexible Online Home-Based Opportunities for Students

Remote

Experienced Remote Healthcare Customer Service Representative – Delivering Compassionate Support to Careerzynith Clients

Remote

Enterprise Services Project Manager (m/f/d)

Remote

Merck Senior Specialist, Grant Operations, US Patient Advocacy (USPA) (Remote) in Salt Lake City, Utah

Remote
← Back