Information Security Risk Analyst

---

---

Job Title: Information Security Risk Analyst Location: Raleigh, NC (Remote) Contract Duration: 12+ Months Bill Rate: $60-80/hour Job Overview: The State fis seeking an experienced Information Security Risk Analyst to support the North Carolina Health Information Exchange Authority (NC HIEA). This role will ensure alignment with cybersecurity frameworks, drive proactive risk management, and prepare the organization for future HITRUST certification. Key Responsibilities: • Conduct the annual enterprise security risk assessment using NIST SP Security policy, ISO 27005 Security practices, or FAIR methodologies. • Ensure full alignment with NIST SP Revision 5 across control families, including: o RA (Risk Assessment) o AC (Access Control) o SC (System Communication Protection) o IR (Incident Response) o And additional relevant controls. • Integrate the NIST Privacy Framework and NIST SP Rev. 5 privacy controls (AP, AR, DI, DM, IP, SE, TR, UL). • Develop, maintain, and update a comprehensive risk register, including detailed mitigation plans (mitigation, transfer, acceptance, avoidance). • Map risks and mitigation strategies to HITRUST CSF control domains to support and advance certification efforts. • Deliver high-quality documentation, dashboards, and executive summaries for stakeholders and leadership. • Collaborate with internal teams to validate assessment findings and strengthen security governance practices. Required Skills & Qualifications: • Minimum 5 years of cybersecurity risk assessment and management experience. • Strong working knowledge of NIST SP Security policy, ISO 27005 Security practices, or FAIR methodologies. • Familiarity with HITRUST CSF and mapping controls for certification preparation. • Experience managing risk registers, creating treatment plans, and providing executive-level reporting. • Strong communication skills for working with cross-functional teams and leadership. • Demonstrated ability to translate complex security risks into actionable governance practices.

Keyword: IT Support

Price: $60.0

Information Security Security Analysis NIST Cybersecurity Framework HITRUST Common Security Framework Enterprise Risk Management Risk Analysis ISO 27001