
Information Security Risk Analyst


Reference Number: BTNCN29

Experience: Not Disclosed
Location: Raleigh, NC (100% Remote)
Duration: 11.5 Months
Salary: Not Disclosed
Job type: Not Disclosed
Industry: Government - State
Pay rate: $80.7/hour - $85.7/hour
Job Description

Description:

  • The client is seeking a skilled Information Security Risk Analyst on a contract basis to lead the execution of its annual enterprise security risk assessment.
  • This engagement ensures compliance with industry-standard frameworks, supports proactive risk mitigation, and positions the client for future HITRUST certification.
  • Plan and conduct the client’s annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
  • Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System and Communications Protection), IR (Incident Response), and more.
  • Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
  • Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
  • Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
  • Develop and deliver documentation, dashboards, and executive summaries.
  • Collaborate with internal stakeholders to validate findings and support security governance efforts.

Required/Desired Skills:

Skill - Required / Desired - Amount of Experience

  • Experience in IT risk management, cybersecurity, or information security assessment. - Highly desired - 5 Years
  • Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework. - Highly desired - 5 Years
  • Experience performing security and privacy risk assessments with documentation aligned to client standards. - Highly desired - 5 Years
  • Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains. - Highly desired - 5 Years
  • Experience with HITRUST CSF alignment or certification preparation. - Highly desired - 5 Years
  • Strong written and verbal communication skills for technical and executive audiences. - Highly desired - 5 Years

Note:

Remote


VIVA is an equal opportunity employer. All qualified applicants have an equal opportunity for placement, and all employees have an equal opportunity to develop on the job. This means that VIVA will not discriminate against any employee or qualified applicant on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, disability or protected veteran status.
