City/State

Work Shift

Overview:

Overview

A highly motivated and experienced Cybersecurity Risk Analyst is sought with a strong background in assessing and managing cybersecurity risks at both the application and enterprise levels. The ideal candidate will be comfortable engaging with stakeholders across various business units capable of independently guiding teams through risk rating and remediation processes and experienced in handling policy exceptions and drafting procedural documentation. Familiarity with platforms like ServiceNow for risk management and program building and a solid understanding of regulations such as HIPAAincluding experience with HIPAA Security Assessments or Health Industry Cybersecurity Practices (HICP) assessmentsis preferred.

Responsibilities

• Conduct comprehensive risk assessments across applications systems and enterprise-wide initiatives to identify potential threats vulnerabilities and their impact on confidentiality integrity and availability of data.
• Lead or support the execution of HIPAA Security Risk Assessments (SRA) and/or HICP assessments including documenting findings recommending corrective actions and ensuring ongoing compliance.
• Independently conduct risk rating for issues using ISO COBIT NIST frameworks in partnership with other stakeholders. Additionally guide and facilitate diverse business units in performing their own risk ratings to help them understand risk implications and remediation priorities.
• Collaborate with the stakeholders in developing and implementing risk mitigation strategies aligned with industry standards and best practices such as NIST ISO 27001 and HIPAA.
• Utilize Governance Risk and Compliance (GRC) toolsspecifically ServiceNowto manage risk registers track remediation plans automate workflows and generate reports on risk status and compliance metrics.
• Manage and oversee policy exception processes including documentation risk analysis and tracking.
• Stay current with the evolving threat landscape regulatory changes and emerging cybersecurity technologies to proactively identify and address potential risks.
• Contribute to the continuous improvement of the organizations risk management program and cybersecurity posture.
• Draft clear and actionable procedure documents and other risk-related documentation to support policy implementation and operational consistency.
• Develop and deliver training and awareness programs to educate employees on cybersecurity risks policies and best practices.
• Participate in incident response activities providing risk analysis and remediation support as needed.

.

Education

• Bachelors Degree (Preferred)

• Experience in lieu of Bachelors Degree - 5 years of relevant experience without a degree

Certification/Licensure

• No specific certification or licensure requirements

Experience

• 3-5 years of experience in cybersecurity risk management including performing risk assessments at both application and enterprise levels.
• Hands-on experience with GRC platforms particularly ServiceNow including modules related to risk compliance and policy management.
• Demonstrated expertise in conducting risk assessments and developing mitigation strategies aligned with HIPAA NIST and ISO 27001.
• Experience with HIPAA Security Risk Assessments and/or HICP assessments.
• Proven ability to work independently manage multiple projects and collaborate with cross-functional teams.
• Experience managing policy exceptions including evaluating risks and ensuring proper documentation and approvals.
• Skilled in drafting procedures and operational documentation related to cybersecurity risk and compliance processes.
• Strong understanding of security principles technical controls and common attack vectors.
• Excellent communication interpersonal and presentation skills with the ability to effectively engage technical and non-technical stakeholders across all levels.
• Strong analytical problem-solving and critical thinking abilities.

Sentara Health is an equal opportunity employer and prides itself on the diversity and inclusiveness of its close to an almost 30000-member workforce. Diversity inclusion and belonging is a guiding principle of the organization to ensure its workforce reflects the communities it serves.

In support of our mission to improve health every day this is a tobacco-free environment.

For positions that are available as remote work Sentara Health employs associates in the following states:

Alabama Delaware Florida Georgia Idaho Indiana Kansas Louisiana Maine Maryland Minnesota Nebraska Nevada New Hampshire North Carolina North Dakota Ohio Oklahoma Pennsylvania South Carolina South Dakota Tennessee Texas Utah Virginia Washington West Virginia Wisconsin and Wyoming.