EITS Security Risk Analyst B (Engagement)--Remote Job

DELTASOFT SOLUTIONS LLC

San Francisco, CA
Full Time
Paid
  • Responsibilities

    Job43 – EITS Security Risk Analyst B (Engagement)

    Location: 100% Remote

    Max Submissions: 5

    Proposed Start Date: ASAP

    Proposed End Date: 06/30/2026

    Role Overview

    Serve as a liaison between the CISO’s strategic initiatives and the IT operational teams.

    Translate business IT risk requirements into technical control specifications.

    Develop risk metrics for performance measurement and reporting.

    Coordinate enterprise-level security and risk management efforts.

    Act as a subject matter expert (SME) on information security and regulatory compliance.

    Key Responsibilities

    🔹 Security & Risk Management

    Maintain and enforce the enterprise information security and risk management framework.

    Conduct risk analysis and develop mitigation strategies.

    Monitor and assess the enterprise threat landscape.

    Provide realistic risk reporting to the CISO and leadership teams.

    Track and document internal risk reviews, assessments, and exceptions using a GRC tool.

    🔹 Governance & Compliance

    Document and maintain risk governance methodologies, policies, and procedures.

    Ensure compliance with:

      • HIPAA
      • Joint Commission
      • DSRIP
      • COBIT
      • State privacy laws

    Conduct and support internal and external audits (operational, compliance, reputational, security).

    Serve as SME for EMR and PHI-related security risks.

    🔹 Risk Assessments & Gap Analysis

    Perform enterprise security risk assessments and gap analyses for new technologies and products.

    Develop and manage risk remediation plans and work plans.

    Identify information asset owners for data classification initiatives.

    Support risk exception and risk acceptance documentation processes.

    🔹 Technical & Cross-Functional Collaboration

    Partner with enterprise architecture teams to align business, technical, and security requirements.

    Collaborate with security engineering teams to implement security controls.

    Facilitate meetings between stakeholders and IT teams.

    Provide written and verbal reports to leadership and committees (including Operational Risk Committee).

    Required Qualifications

    🔹 Experience

    Minimum 7 years of IT experience

    At least 5 years in IT Security Risk Management / Risk Audit / Data Privacy Investigation

    Minimum 2 years in a supervisory capacity

    🔹 Healthcare Industry Expertise (Required)

    Strong understanding of:

      • EMR systems
      • PHI data privacy
      • Healthcare regulatory environment

    Experience with HIPAA, Joint Commission, CMS regulations

    🔹 GRC & Security Framework Knowledge

    Hands-on experience with GRC tools (ServiceNow, Archer, MetricStream preferred)

    Working knowledge of:

      • NIST CSF
      • HITECH
      • ISO 27001/27002
      • PCI DSS
      • COBIT

    🔹 Technical Skills

    Experience reviewing IT solution requirements and implementing security controls

    Strong analytical and risk assessment skills

    Ability to design compensating controls for security vulnerabilities

    Ability to assess business impact of security tools and policies

    Education & Certifications

    Bachelor’s degree in Information Systems or related field

    Preferred Certifications:

      • CISSP
      • CISA
      • CRISC
      • Other relevant security certifications

    Preferred Soft Skills

    High integrity and ability to work independently

    Strong communication and reporting skills

    Ability to work in fast-moving environments

    Experience participating in special projects

    Ability to support various locations and flexible shifts if required

    Thanks & Regards

    Bhanu Prakash

    DeltaSoft Solutions

    bhanu.prakash@deltasoftgroup.com