- Salary: $120000 - $150000
- Citizenship: US Citizen
- Incentives: Bonus
- Education: Bachelors Degree
- Travel: No Travel
- Telework: No Telecommute
The Sr. Information Security Risk Analyst is responsible for maintaining awareness of the security state of information systems on an ongoing basis and providing essential information to senior leaders to facilitate decisions regarding risk to organizational operations, assets, and individuals.
The Sr. Information Security Risk Analyst develops, documents and maintains the procedures Novant Health leverages to evaluate the significance of risks identified during risk assessments, the acceptable risk mitigation measures Novant Health employs to address identified risks, the level of risk Novant Health plans to accept (i.e., risk tolerance), how Novant Health monitors risk on an ongoing basis, and the type of oversight Novant Health uses to ensure that the risk management strategy is being effectively carried out.
The Sr. Information Security Risk Analyst ensures that managing information system-related security risks is consistent with the organization’s mission/business objectives and overall risk strategy established by senior leadership.
· Minimum five years of experience in Information Security Risk Analysis, Information Security required.
· Advanced knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
· Intermediate knowledge of national laws, regulations, policies, and ethics as they relate to cybersecurity.
· Advanced knowledge of cybersecurity principles. Intermediate knowledge of cyber threats and vulnerabilities.
· Basic knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open source tools, and their capabilities.
· Intermediate knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
· Advanced knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data. Advanced knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts and capabilities.
· Intermediate knowledge of new and emerging Information Technology (IT) and cyber security technologies. Advanced knowledge of the organization’s enterprise information technology (IT) goals and objectives.
· Intermediate knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards.
· Advanced knowledge of information classification programs and procedures for information loss. Advanced interpersonal communication skills, both written and oral, with the ability to communicate effectively to technical and non-technical audiences.
· Basic knowledge of security tools (IDS, FIM, Vulnerability Scanner, SIEM, Forensics, Network Mapping, Penetration Testing, Encryption, etc.).
· Licensure/Certification: (CISSP or HCISSP) and (CRISC) and (CompTIA Security+ or CompTIA Healthcare IT Tech) or CRISC or equivalent. Three certifications required.