IT Technical Specialist, Information Security Risk Analyst (NC762829)

IT Technical Specialist, Information Security Risk Analyst (NC762829)

1.   This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, & positions HIEA for future HITRUST certification.Plan and conduct HIEA’s annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
2.   Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
3.   Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
4.   Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
5.   Map risks and mitigation efforts to HITRUST CSF control domains to support future certification
6.   Develop and deliver documentation, dashboards, and executive summaries.
7.   Collaborate with internal stakeholders to validate findings and support security governance efforts.