DataStaff, Inc. is currently seeking an Information Security Risk Analyst for a long-term contract opportunity with one of our direct clients in Raleigh, NC.
This position is remote.
Responsibilities:
- Lead the execution of the annual enterprise security risk assessment.
- Ensure compliance with industry-standard frameworks, support proactive risk mitigation, and position HIEA for future HITRUST certification.
- Plan and conduct the annual enterprise security risk assessment using NIST SP 800-30, ISO 27005, or FAIR methodologies.
- Ensure full alignment with NIST SP 800-53 Revision 5, including: RA (Risk Assessment), AC (Access Control), SC (System Communications Protection), IR (Incident Response), and more.
- Incorporate NIST Privacy Framework and NIST SP 800-53 Rev. 5 privacy control families (AP, AR, DI, DM, IP, SE, TR, UL).
- Build and maintain a comprehensive risk register, with treatment plans for mitigation, transfer, acceptance, or avoidance.
- Map risks and mitigation efforts to HITRUST CSF control domains to support future certification.
- Develop and deliver documentation, dashboards, and executive summaries.
- Collaborate with internal stakeholders to validate findings and support security governance efforts.
Desired Skills:
- 5 Years - Experience in IT risk management, cybersecurity, or information security assessment.
- 5 Years - Demonstrated knowledge of NIST SP 800-30, NIST SP 800-53 Rev. 5, and NIST Privacy Framework.
- 5 Years - Experience performing security and privacy risk assessments with documentation aligned to federal and state standards.
- 5 Years - Familiarity with HIPAA Security and Privacy Rules, and healthcare-specific risk domains.
- 5 Years - Experience with HITRUST CSF alignment or certification preparation.
- 5 Years - Strong written and verbal communication skills for technical and executive audiences.
This opportunity is available on a corp-to-corp basis or as a W2 position with a competitive benefits package. DataStaff, Inc. offers medical, dental, and vision coverage options. As many of our opportunities are long-term, we also have a 401K program available for employees after 6 months.