Job Details

Security Risk Analyst

  2026-02-17     integrated resources     all cities,AK  
Description:

Job Title: Security Risk Analyst
Job Location: New York, NY
Job Duration: 6 Months (possibility of extension)
Pay rate: $35 - $45/hr. on W2


Job Summary:

  • The EITS Security Risk Analyst serves as the bridge between the CISO's strategy and the technical implementation teams.
  • This role translates business and IT-risk needs into technical control requirements, manages risk activities through a GRC platform, and ensures that security controls, governance, and risk processes are consistently implemented across the enterprise.
  • The analyst also acts as a subject matter expert (SME) on information security and compliance requirements relevant to HIPAA, COBIT, and other healthcare regulatory frameworks.
Core Responsibilities (Aligned to Principal Duties):

GRC & Risk Management:
  • Maintain and enforce the information security and risk management framework, including execution of risk analyses and mitigation plans.
  • Track and document internal risk reviews, assessments, risk acceptances, and exceptions within a GRC tool.
  • Support the development, documentation, and ongoing maintenance of risk governance methodologies, policies, and procedures.
  • Organize and perform enterprise-level security risk assessments and gap analyses for technologies, applications, and new solutions.
  • Maintain risk project plans and metrics for ongoing performance measurement and reporting.
Security Governance & Control Alignment:
  • Work with data owners and stakeholders to classify information assets and ensure adherence to control frameworks.
  • Collaborate with enterprise architecture and engineering teams to align business, technical, and security requirements.
  • Assist in implementing technical and administrative security controls aligned with regulatory and audit needs.
  • Conduct and respond to information security audits and assessments.
Regulatory & Compliance Support:
  • Provide subject matter expertise on information security risks related to EMR systems, PHI, and healthcare regulatory requirements.
  • Ensure compliance with HIPAA, Joint Commission, CMS, and state privacy regulations.
  • Stay current with emerging threats, evolving regulations, and industry standards (NIST CSF, HITECH, ISO 27001/27002, PCI DSS, COBIT).
Stakeholder Coordination:
  • Facilitate meetings between business units, technical teams, and project leaders regarding risk and security deliverables.
  • Provide clear, written and verbal reporting to management and leadership teams as required.
  • Support planning and execution of remediation activities and recommend practical, cost-effective solutions.
Required Knowledge & Skills:
  • Hands-on experience using a GRC application (ServiceNow GRC, Archer, MetricStream, or equivalent).
  • Strong understanding of security controls, risk assessment processes, and regulatory expectations.
  • Experience reviewing IT solution requirements and validating control implementations.
  • Ability to analyze complex security vulnerabilities and propose compensating controls.
  • Strong analytical, documentation, and stakeholder-communication skills.
Education & Certifications:
  • Bachelor's degree in Information Systems or related field.
Preferred certifications:
  • CISSP, CISA, CRISC, or equivalent.
Experience Requirements:
  • Minimum 7 years of IT experience.
  • Experience with formal GRC applications such as ServiceNow, Archer, MetricStream, or similar platforms.
  • At least 5 years dedicated to IT Security Risk Management, Risk Assessments/Audits, Data Privacy Investigation, or related fields.
  • Minimum 2 years in a leadership or supervisory capacity.

