Job summary:


Title:
Information Security Risk Analyst

Location:
Remote

Length and terms:
Long term - W2 or C2C


Position created on 05/09/2025 07:30 pm

Job description:


Interview Type: Webcam Interview Only *** Very long term project initial PO for 1 year, expect to go for 4+ years *** Remote***

skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.

Job Description:

This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions NC HIEA for future HITRUST certification.

  • Plan and conduct NC HIEA's annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
  • Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
  • Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
  • Develop and deliver documentation, dashboards, and executive summaries.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.

Highly Desired Skills:

  • Experience in IT risk management, cybersecurity, or information security assessment. 5 Years
  • Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. 5 Years
  • Experience performing security and privacy risk assessments with documentation aligned to federal and state standards. 5 Years
  • Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. 5 Years
  • Experience with HITRUST CSF alignment or certification preparation. 5 Years
  • Strong written and verbal communication skills for technical and executive audiences. 5 Years

Contact the recruiter working on this position:



The recruiter working on this position is Fazal(Shaji Team) Uddin
His/her contact number is +(1) (703) 4684697
His/her contact email is fazal@msysinc.com

Our recruiters will be more than happy to help you to get this contract.