Information Security Risk Analyst II - IT Risk

About the position Join Novant Health's Information Technology team as an Information Security Risk Analyst, on the IT Governance, Risk, and Compliance (IT GRC) team, where you'll play a critical role in safeguarding our information systems and supporting our mission to deliver remarkable care. Schedule: 8:00AM - 5:00PM (On call support required, as needed). Location: Remote Department: ETS - Information Security. Responsibilities • Monitor and assess IT & security risks across information systems throughout their lifecycle. • Perform ongoing assessment of IT controls to ensure they are operating effectively and efficiently. • Identify and document sensitive data stored, transmitted, or processed within systems. • Enforce security principles such as least privilege and least functionality. • Provide actionable insights to senior leadership to support risk-informed decision-making. • Develop and maintain risk management procedures, including evaluating the significance of identified risks, defining acceptable mitigation strategies and risk tolerance, establishing ongoing risk monitoring practices, and ensuring effective oversight of the risk management strategy. Requirements • 4 Year / Bachelor's Degree, required. • Minimum three years Information Security Risk Analysis, Information Security, required. • (CRISC) and (CompTIA Security+ or CompTIA Healthcare IT Tech) or equivalent. (Two cert req), required. • Intermediate knowledge of risk management processes. • Intermediate knowledge of national laws, regulations, policies, and ethics as they relate to cybersecurity. • Intermediate knowledge of cybersecurity principles. • Intermediate knowledge of cyber threats and vulnerabilities. • Basic knowledge of cyber defense mitigation techniques and vulnerability assessment tools. • Intermediate knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins. • Intermediate knowledge of information assurance (IA) principles. • Intermediate knowledge of current industry methods for evaluating, implementing, and disseminating IT security assessment tools. • Intermediate knowledge of new and emerging IT and cybersecurity technologies. • Intermediate knowledge of the organization's enterprise IT goals and objectives. • Intermediate knowledge of the organization's core business/mission processes. • Intermediate knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards. • Intermediate knowledge of applicable laws relevant to work performed. • Basic knowledge of IT supply chain security and risk management policies. • Intermediate skill in evaluating the trustworthiness of the supplier and/or product. • Intermediate knowledge of relevant laws, policies, procedures, or governance related to work impacting critical infrastructure. • Intermediate knowledge of information classification programs and procedures for information loss. • Interpersonal communication skill, both written and oral. • Attention to detail and organization skills. • Analysis and critical thinking skills. • Ability to develop productive working relationships with business and technical groups. • Ability to effectively prioritize multiple responsibilities. • Ability to take direction as well as work with a moderate degree of independence. • Ability to work as a member of a team. • Ability to eagerly seize responsibility and ownership for assigned tasks. • Ability to drive/travel to multiple locations/facilities as needed. Nice-to-haves • Basic knowledge of information security architecture principles. • Basic knowledge of incident response methodologies. • Basic knowledge of security tools (IDS, FIM, Vulnerability Scanner, SIEM, Forensics, Network Mapping, Penetration Testing, Encryption, etc.). • Basic knowledge of penetration testing methods. • Basic knowledge of systems testing and evaluation methods. Apply tot his job