ClearDATA is seeking a Security Risk Analyst (Contract Role) who wants to use their knowledge and expertise to truly make a difference in making healthcare better every single day!
Note: ClearDATA is conducting all interviewing and on-boarding virtually due to COVID-19. Everyone will work from home until it is safe to return to our offices, at which point long-term, flexible work-from-home policies will be determined.
What You’ll Do
You will conduct in-depth security risk assessments, provide guidance for healthcare organizations, and facilitate corrective action plans in accordance with federal health information privacy and security regulations, statutes, and guidance, such as HIPAA. You will effectively execute on-site and remote healthcare security risk assessments, work independently, and collaborate with key internal and external stakeholders. Client organizations can include healthcare payers, providers, pharmaceuticals, and technology product and service providers.
You will need proven information security and compliance experience, as well as a technical IT background. You should be familiar with, and able to support, efforts that drive compliance and risk management initiatives.
- Security risk assessments will involve customer intake, information gathering, stakeholder interviews, and triaging artifacts for review and analysis.
- Conduct analysis, establish process maturity and capability. Identify procedural weaknesses and technical vulnerabilities.
- Interpret organizational security, privacy, and compliance risks.
- Evaluate effectiveness of implemented safeguards in providing adequate assurances for protecting the confidentiality, integrity, availability, authentication, and non-repudiation of electronic protected health information.
- Deliver reports outlining observations, risk findings, potential negative impact, and recommendations for remediation.
- Contextualize observations and provide guidance that supports organizational size, scope, resources, and expertise based on HIPAA’s “flexibility of approach.”
- Provide guidance that aligns with industry standards and best practices (e.g., NIST, ISO, CIS, COBIT), while adhering to legal and regulatory compliance mandates.
- Communicate assessment progress, risk findings, recommendations, and justifications professionally in virtual or in-person meetings.
- Complete engagement materials, documenting assessment feedback clearly and concisely.
- Develop risk management plans based on reasonable and appropriate observations and risk findings.
- Conduct follow-up activities and ongoing support involving customer corrective action plans and implementation of remediation recommendations.
- Working knowledge of various information technology models, such as on-premises and public, private, and hybrid cloud environments. Understanding of risks associated with sensitive data in IaaS, SaaS, and PaaS delivery models is a must.
- Detail-oriented; ability to multi-task in a fast-paced environment, striving for continuous improvement.
- Excellent project management skills; able to complete professional-quality work with limited direction using Microsoft 365 products.
- Strong business acumen; track record of making reasonable and appropriate judgments.
- Knowledge of industry standards and best practices (e.g., NIST, ISO, CIS, COBIT) in support of healthcare organizations (e.g., providers, payers, pharma, technology product providers).
- Desired Certifications: CISSP, CRISC, CISA, HCISSP, CIPP, CHTS
- Bachelor’s Degree or higher preferred (e.g., accounting, business administration, information technology, or related major)
- Ability to travel 50%
ClearDATA is an EEO/AA employer M/F/V/D.