Security Risk Analyst



This position is for a Security Risk Analyst (SRA). The Security Risk Management program addresses both internal and external risks. The SRA will conduct project-based and technology-based risk assessments within the environment, conduct technical and non-technical third party risk assessments, and recommend mitigating actions or controls. The SRA will further identify and convey information security, physical security, business continuity, and IT operational requirements to project teams and to the Sourcing department in support of new contracts and ongoing engagements. The primary responsibility of the SRA is to identify, analyze, and recommend mitigation strategies for information security risks.


  • Job Requirements


    • Perform third party vendor risk, project risk, or technology risk assessments.
    • Conduct on-site security assessments to measure the effectiveness of the third parties' current control environment (travel required).
    • Conduct ongoing security assessments to validate appropriate controls are in place.
    • Document and communicate with business and IT regarding security risks and deficiencies.
    • Provide Information Security consulting and subject matter expertise on third party service contracts and/or Sourcing arrangements.
    • Assess the adequacy of a vendor's security program to safeguard the client’s data.
    • Focus on developing and improving security processes, assisting in metrics development, both within the technology and business organizations.
    • Ensure proper evidence is gathered to facilitate timely closure of remediation plans.
    • Serve as an advisor to the business by ensuring ongoing awareness of identified risks.
    • Utilize expertise to identify evolving security threats and provide in-depth understanding of "if, how, and when" they should be addressed.
    • Evaluate and assess supplier criticality and review changes in scale and scope of services contracted with supplier for material impact. Confirm ongoing roles, responsibilities and persons involved with the Third Party.
    • Manage, monitor and track third party compliance to the Third Party Risk Management Program.
    • Monitor that all applicable risk assessments are completed within the appropriate timeframe based on third party risk tier.
    • Individual judgment and decision making will be exercised to determine applicability of certain questions on various assessments based on the vendor service and vendor risk.
    • Database/Application/Network Layer Secure Protocols


    • Requires an excellent understanding of IT security concepts with an emphasis on Security and Risk Assessment.
    • Requires excellent knowledge of IT and computer systems.
    • Requires excellent understanding of internal and external audit process.
    • Requires an in-depth understanding of Public Key Infrastructure (PKI), encryption, and network security controls, tools, and functionalities.
    • Requires an in-depth understanding of the Payment Card Industry Data Security Standard (PCI DSS), and proficiency in applying Health Insurance Portability and Accountability Act (HIPAA) security rules and National Institute of Standards and Technology (NIST) standards.
    • Requires demonstrated proficiency in applying Identity Management (IDM) concepts.

    Skills and Abilities:

    • Requires exceptional analytical thinking skills.
    • Requires excellent verbal and written communication skills.
    • Requires the ability to handle multiple tasks and prioritize effectively.
    • Requires excellent PC skills and demonstrated proficiency with MS Office Suite.
    • Requires excellent interpersonal skills and the ability to work effectively with others as a team.


    • BA or BS degree in Computer Science, Information Technology/Systems, or related degree required
    • CISSP, CISA, or equivalent.


    • Third party, technology, and project risk assessment experience.
    • Experience with Governance, Risk, and Compliance tools.
    • 1 year experience in Risk Management.
    • 3-6 years of experience in Information Technology Audit/Information Security.
    • Security policy, compliance, privacy, or regulatory experience (e.g., HIPAA, PCI) preferred.
    • Current and in-depth knowledge of health care compliance principles and practices, including knowledge of Medicare, Medicaid, and HIPAA Security and Privacy laws, specifically with regard to third parties, preferred.

    Proficient working knowledge within the following risk domains/technologies:

    • Change Management.
    • IDS/IPS technologies.
    • Firewall technologies.
    • Network Architecture.
    • Vulnerability Management.
    • System/Access Administration.
    • Key Management/Tokenization.
    • Database and application security.
    • Secure Software/Code Development.
    • Physical and Environmental Security.
    • Security Event Logging & Monitoring.



  • Job Type:
    Full Time