Sr. Risk Analyst

What We’re Looking For

We are seeking a seasoned Senior Risk Analyst to spearhead the development and support of our Data Governance program in collaboration with our Privacy Office. This role encompasses managing risk exception processes, conducting vendor assessments, leading training and awareness initiatives, and providing comprehensive support for compliance activities related to PCI, SOC 2, and HIPAA standards. As a key member of the Information Security Governance, Risk, and Compliance (GRC) .

What You Will Do

• Data Governance Program Development: Lead the creation and implementation of a robust Data Governance framework, ensuring alignment with organizational objectives and regulatory requirements.​
• Collaboration with Privacy Office: Partner with the Privacy Office to ensure data governance strategies effectively address privacy concerns and comply with relevant regulations.​
• Risk Management: Manage the risk exception process by evaluating, documenting, and tracking risk exceptions, and recommending appropriate mitigation strategies.​
• Vendor Assessments: Conduct thorough security assessments of third-party vendors to evaluate their compliance with organizational security standards and regulatory requirements.​
• Training and Awareness: Develop and deliver comprehensive training programs to enhance employee awareness of data governance policies, security protocols, and compliance obligations.​
• Compliance Support: Provide expert support for compliance activities related to PCI, SOC 2, HIPAA, and other relevant frameworks, ensuring adherence to industry standards and regulations.​
• Policy Development: Simplify complex security compliance requirements into clear technical control specifications and organizational policies.​
• Continuous Improvement: Identify and communicate control gaps, contributing to the development and implementation of remediation plans to enhance the organization's security posture.​

What You Need to Succeed

• Experience: A minimum of 5 years in security, audits, customer assurance, control assessments, or risk assessments based on security and privacy frameworks such as SOC 2, ISO 27001, HIPAA, PCI, HITRUST, NIST 800-53, or FedRAMP.​
• Technical Proficiency: Proven experience in performing technical assessments and documentation of key controls and security processes, with a solid understanding of IT processes and industry best practices.​
• Analytical Skills: Strong analytical and problem-solving abilities, with a keen attention to detail and the capacity to manage multiple priorities in a fast-paced environment.​
• Communication Skills: Excellent communication and interpersonal skills, capable of effectively engaging with cross-functional teams, stakeholders, and customers.​
• Adaptability: Ability to operate effectively in ambiguous situations, demonstrating flexibility and resilience.​

What Helps You Stand Out

• Certifications: Possession of industry-recognized security, cloud, or audit professional certifications such as CISA, CISM, CISSP, or CCSP.​
• Healthcare Industry Experience: Prior experience in IT security and audit within the healthcare sector.​
• Cloud Security Knowledge: Familiarity with cloud services environments (e.g., AWS) and cloud security controls.