Privacy & Info Security Risk Mgmt Analyst II - 100% Remote - 6+ Months Contract
Job Details:
Job Title: Privacy & Info Security Risk Mgmt Analyst II
Location: 100% Remote
Duration: 6+ Months Contract
Notes: Client is looking for someone with a mix of GRC reporting and Remediation, along with Security awareness training.
Description:
⢠These Principal Accountabilities, Requirements, and Qualifications are not exhaustive, but are merely the most descriptive of the current job.
⢠Management reserves the right to revise the job description or require that other tasks be performed when the circumstances of the job change.
⢠change (for example, emergencies, staff changes, workload, or technical development).
Job Accountabilities:
Security Risk Review-Measurement and Reporting:
⢠Establishes metrics and contributes to the overall plan associated with the security dashboards and scorecards to inform business leaders of information security-related risks.
⢠Maintains accurate and thorough documentation of all security risk review activities in the governance, risk management, and compliance (GRC) platform.
⢠Develops and validates recommended corrective action plans for projects, assessments, and other identified risks.
⢠Advises and guides remediation activities required for risk mitigation, including building and maintaining an inventory of security controls, risks, and control gaps.
⢠Upholds the confidentiality of all privacy and risk management data.
Security Plans and Consulting:
⢠Serves as a technical security lead on small, medium, large, and complex projects
⢠Briefs Information Security teams regarding emerging threats and provides recommendations on technical and administrative controls to mitigate or reduce risk to Client.
⢠Performs and reviews evaluation of incident activities (cost and resource analysis), including making recommendations for corrective actions and preventative measures.
⢠Collaborates and leads with engineering and other technical disciplines to integrate security controls to protect client information, services, data, applications, and resources.
Security Training and Awareness:
⢠Provides security training to staff members through new hire orientation, just-in-time training, and regular department training.
⢠Acts as an Information Security liaison and subject matter expert working with Privacy and Office of General Counsel (OGC) leadership.
⢠Researches, develops, and provides technical security training on best practices and risk measurement methods for Ostaffers.
Policies And Procedures:
⢠Develops, reviews, and revises information security policies, procedures, and standards to reflect regulatory requirements, security best practices, and evolving technologies.
⢠Demonstrates working knowledge and understanding of privacy and information security risk management best practices and methodologies, specifically the procedures used within the healthcare environment.
⢠Assists in drafting policies, procedures, and processes to implement new and revised regulations, as needed.
Research And Analysis:
⢠Conducts technical security-related research and analysis and then translates the results into meaningful input for the Information Security and Risk Management program.
⢠Helps lead the development of the information security controls framework and controls testing methodologies.
⢠Ensures the technical accuracy during the researching, outlining, and writing of documentation such as internal publication of white papers, position papers, and other guidance documents.
⢠Remains technically current on new technologies through reading, seminars, workshops, and vendor information.
Education:
⢠Equivalent experience will be accepted in lieu of the required degree or diploma.
⢠Bachelor''s in Business, Computer Science, Engineering, Information Security, Management, Mathematics, Science, Technology, or related field.
Job Title: Privacy & Info Security Risk Mgmt Analyst II
Location: 100% Remote
Duration: 6+ Months Contract
Notes: Client is looking for someone with a mix of GRC reporting and Remediation, along with Security awareness training.
Description:
⢠These Principal Accountabilities, Requirements, and Qualifications are not exhaustive, but are merely the most descriptive of the current job.
⢠Management reserves the right to revise the job description or require that other tasks be performed when the circumstances of the job change.
⢠change (for example, emergencies, staff changes, workload, or technical development).
Job Accountabilities:
Security Risk Review-Measurement and Reporting:
⢠Establishes metrics and contributes to the overall plan associated with the security dashboards and scorecards to inform business leaders of information security-related risks.
⢠Maintains accurate and thorough documentation of all security risk review activities in the governance, risk management, and compliance (GRC) platform.
⢠Develops and validates recommended corrective action plans for projects, assessments, and other identified risks.
⢠Advises and guides remediation activities required for risk mitigation, including building and maintaining an inventory of security controls, risks, and control gaps.
⢠Upholds the confidentiality of all privacy and risk management data.
Security Plans and Consulting:
⢠Serves as a technical security lead on small, medium, large, and complex projects
⢠Briefs Information Security teams regarding emerging threats and provides recommendations on technical and administrative controls to mitigate or reduce risk to Client.
⢠Performs and reviews evaluation of incident activities (cost and resource analysis), including making recommendations for corrective actions and preventative measures.
⢠Collaborates and leads with engineering and other technical disciplines to integrate security controls to protect client information, services, data, applications, and resources.
Security Training and Awareness:
⢠Provides security training to staff members through new hire orientation, just-in-time training, and regular department training.
⢠Acts as an Information Security liaison and subject matter expert working with Privacy and Office of General Counsel (OGC) leadership.
⢠Researches, develops, and provides technical security training on best practices and risk measurement methods for Ostaffers.
Policies And Procedures:
⢠Develops, reviews, and revises information security policies, procedures, and standards to reflect regulatory requirements, security best practices, and evolving technologies.
⢠Demonstrates working knowledge and understanding of privacy and information security risk management best practices and methodologies, specifically the procedures used within the healthcare environment.
⢠Assists in drafting policies, procedures, and processes to implement new and revised regulations, as needed.
Research And Analysis:
⢠Conducts technical security-related research and analysis and then translates the results into meaningful input for the Information Security and Risk Management program.
⢠Helps lead the development of the information security controls framework and controls testing methodologies.
⢠Ensures the technical accuracy during the researching, outlining, and writing of documentation such as internal publication of white papers, position papers, and other guidance documents.
⢠Remains technically current on new technologies through reading, seminars, workshops, and vendor information.
Education:
⢠Equivalent experience will be accepted in lieu of the required degree or diploma.
⢠Bachelor''s in Business, Computer Science, Engineering, Information Security, Management, Mathematics, Science, Technology, or related field.