Reporting to the IS Risk Manager, the IS Associate Risk Analyst will assist with the information security risk assessment program through active engagement with business owners including data gathering, analysis, and reporting. Under the direction of the IS Risk Manager, the IS Associate Risk Analyst will be responsible for assisting in establishing, documenting, and executing a risk assessment and treatment process for ensuring that organizational departments and third-parties meet our client's expectations for protecting data. The IS Associate Risk Analyst will assist with information security aspects of business initiatives and IT projects to assist in mitigating security risks for information, business and operational applications, and systems across the organization. KEY RESPONSIBILITIES Executes the day-to-day operational responsibilities and activities of the Security Awareness Program, including developing content for and delivering through a variety of communications vehicles Executes the day-to-day operational responsibilities and activities of the Security Training Program, including development and delivery of training materials Develops and delivers ad-hoc Information Security communications to the workforce Assists with developing, deploying, and maintaining an objective risk assessment methodology for threat, compliance, risk identification, prioritization, and relative comparison of information security and compliance risks Evaluates and audits internal controls to ensure compliance with authoritative obligations Evaluates and assists with identifying information security requirements andor recommendations to reduce risk using guidance from policy, standards, best practices, and knowledge of the threat environment Evaluates and ensures compliance of organization's hardware and software with IS Security policies and industry security standards Assists in the execution of third-party risk assessment and treatment process Participates, when necessary, in requirement, design, and approach sessions with Office of Information Security team Assists with front line response for troubleshooting low-level information security issues as needed Assists in research and evaluation of new security products and services Researches and stays current on security best practices and technologies, threats and vulnerabilities, and information security related regulations Updates and develops risk management processes and submits to the IS Risk Manager for approval Determines appropriate security controls necessary to maintain compliance with authoritative obligations. This involves interpretation, risk analysis, and identification of appropriate safeguards to mitigate the risks, and overseeing their implementation Assists leadership with information services risk management projects and Performs other duties as assigned. REQUIRED KNOWLEDGE SKILLS Behavioral Competencies Initiative Organizational astuteness Influencing and negotiating High standards Teamworkcollaboration Responsiveness to customers Analytical thinking Developing self and others Confidence and high integrity Process improvement Writing Presenting Technical Skills Understanding of information security and privacy concepts and practices Understanding of information technology concepts and practices Ability to analyze security risks using a balanced approached and exercising excellent judgment skills Ability to communicate effectively Ability to think and plan creatively and effectively Ability to understand and assess business risk Ability to relate with regulators and other external auditors and understand their needs Ability to maintain professional image and enthusiasm Ability to operate with great latitude and resourcefulness multiple cross-functional teams EDUCATIONEXPERIENCELICENSURETECHNICALOTHER I. Education Bachelor's degree or equivalent experience. II. Experience 1-3 years of relevant experience. III. CertificationLicensure NA IV. SoftwareHardware Microsoft Office suite Meditech. V. Other Familiarity with contractual, municipal, state and federal privacy and security requirements, including HIPAA, HITECH, Omnibus, Meaningful Use, MA-201.CMR.17, MA-93h, MA-93i Familiarity with best practice Information Security and Risk Management Frameworks, including ISO-27000, ISO-20000, NIST-SP-800, HITRUST and FIPSFISMA, COBIT, GIAC
* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.