Information Security Risk Analyst

Looking for a way to make an impact and help people? Join PacificSource and help our members access quality, affordable care! PacificSource is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status, such as race, religion, color, national origin, sex, sexual orientation, gender identity or age. Diversity and Inclusion: PacificSource values the diversity of the people we hire and serve. We are committed to creating a diverse environment and fostering a workplace in which individual differences are appreciated, respected and responded to in ways that fully develop and utilize each person’s talents and strengths. Position Overview: Coordinate and support the information security risk identification and management process across the organization. Responsible for the implementation, coordination, maintenance and improvemen1 of the information security risk management program. Responsibilities include collaborating with appropriate stakeholders to coordinate and conduct risk assessments, appropriately documenting and managing identified risks to an acceptable level, monitoring progress and providing regular updates to leadership. Make recommendations for mitigations, corrective action plans, projects and strategic initiatives, to manage risk to an acceptable level. Coordinate and drive strategic information security governance and compliance activities. Essential Responsibilities: Coordinate, conduct, and support risk assessments to identify, evaluate, and address information security risks. Develop, standardize, manage, and improve the information security risk management process, to include the coordination of risk assessments, aggregation of assessment results, corrective action plans and reporting. Manage and coordinate Information Security compliance activities, to include achievement of HITRUST Alliance certification and PCI DSS compliance. Coordinate and manage the 3rd Party Risk and Vendor Risk Management (VRM) program. Successfully track, coordinate, project manage and drive remediation activities across teams within the organization. Educate, assist and guide stakeholders through the risk management process. Manage assigned projects according to life cycle (define, plan, execute, control). Maintain the information security risk register and other assigned information security tools. Develop and manage schedule, timelines, activities, and milestones. Actively contribute and support the information security and organizational objectives. Supporting Responsibilities: Meet department and company performance and attendance expectations. Follow the PacificSource privacy policy and HIPAA laws and regulations concerning confidentiality and security of protected health information. Ensure compliance with standards, policies, procedures, requirements, and regulations. Pilot new hardware and/or software and determine capabilities and/or limitations. Perform other duties as assigned. SUCCESS PROFILE Work Experience: Minimum of 3 years of experience in information technology and/or information security, risk management or compliance. Experience in risk and compliance management and process development in the areas of information technology and security required. Recent hands-on work experience with at least one of the following frameworks: HITRUST CSF, ISO 27001, ISO 27005, ISO 31009, and NIST SP800-30 preferred. Direct governance, risk, and compliance experience strongly preferred. Leading, coordinating or managing projects in a complex enterprise environment is preferred. Education, Certificates, Licenses: Bachelors in Risk Management, Finance, Business or related field is strongly preferred. Has training in and/or pursuing certifications in the area of information security, project management and technology auditing including, CISSP, CRISC, CTPRP, CISM, CGEIT, CISA, GIAC GSEC, and/or PMP. Knowledge: Solid understanding of common risk assessment and management methodologies. Strong knowledge of information security including a basic understanding of Third Party Risk Management, information security controls, industry standards and best practices such as the NIST 800 series, NIST CSF, HITRUST, OCTAVE, and ISO 27000 series necessary. Customer service oriented, and commitment to establishing and maintaining positive and healthy working relationships. Competencies Adaptability Building Customer Loyalty Building Strategic Work Relationships Building Trust Continuous Improvement Contributing to Team Success Planning and Organizing Work Standards Environment: Work inside in a general office setting with ergonomically configured equipment. Our Values We live and breathe our values. In fact, our culture is driven by these seven core values which guide us in how we do business: We are committed to doing the right thing. We are one team working toward a common goal. We are each responsible for customer service. We practice open communication at all levels of the company to foster individual, team and company growth. We actively participate in efforts to improve our many communities-internally and externally. We actively work to advance social justice, equity, diversity and inclusion in our workplace, the healthcare system and community. We encourage creativity, innovation, and the pursuit of excellence. Physical Requirements: Stoop and bend. Sit and/or stand for extended periods of time while performing core job functions. Repetitive motions to include typing, sorting and filing. Light lifting and carrying of files and business materials. Ability to read and comprehend both written and spoken English. Communicate clearly and effectively. Disclaimer: This job description indicates the general nature and level of work performed by employees within this position and is subject to change. It is not designed to contain or be interpreted as a comprehensive list of all duties, responsibilities, and qualifications required of employees assigned to this position. Employment remains AT-WILL at all times.