Sr. Information Security Risk Analyst [HIPAA & HITRUST & NIST SP 800-30, NIST SP 800-53
Summary
| Title: | Sr. Information Security Risk Analyst [HIPAA & HITRUST & NIST SP 800-30, NIST SP 800-53 |
|---|---|
| ID: | 83320852 |
Description
Sr. Information Security Risk Analyst [Must Have HIPAA & HITRUST & NIST SP 800-30, NIST SP 800-53]
221 E Lane Street, Raleigh, NC/REMOTE
12 Months
Description:
The North Carolina Health Information Exchange Authority is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
- This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, & positions NC HIEA for future HITRUST certification.Plan and conduct NC HIEA’s annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
- Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
- Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
- Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
- Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
- Develop and deliver documentation, dashboards, and executive summaries.
- Collaborate with internal stakeholders to validate findings and support security governance efforts.
