Senior Security Risk Analyst - Vendor Compliance!

Company Name: The Bowdoin Group

A large prestigious healthcare organization is looking for a Senior Security Risk Analyst to join their team for an exciting 8 month contract opportunity!

Must haves:
- 5+ years of security experience
- Risk management experience
- Some sort of PM experience (Don't need to have had a PM title. Since there are a large number of companies they deal with and a defined deadline, he needs someone comfortable driving the project and able to juggle many things at the same time.)
- Interpersonal skills are extremely important with this role. Need to be able to follow up with BX business partners.

Position Summary:
Responsible for developing and documenting system security requirements and ensuring compliance validation. Utilizes knowledge of applicable state and federal security and privacy regulations and security best practices to champion approaches across the business and IT delivery teams. Exhibits strong interpersonal relationships with CLP procurement teams, Audit and Compliance team, architecture team, business partners, project managers, the IT delivery teams and Quality Assurance team. Participate in cross-functional teams to develop security policies, standards and procedures assisting to communicate these to the IT Division.

Key Accountabilities:

1. Implementation
Responsible for the execution of and process improvements to the enterprise 3rd Party Services risk management program including, but not limited to:
- Ensuring compliance with Third Party Services Policy and Standard
- Performing Risk Analysis to assess the security risk of vendor partners
- Evaluating the security attestations, credentials, certifications and evidence presented by vendors
- Communicating vendor security risk effectively to all stakeholders including IT and business senior leadership
- Assisting stakeholders with plans to mitigate risk including negotiating appropriate contractual terms with vendors
- Ensuring and facilitating risk decisions by appropriate leadership levels within the organization
- Monitoring compliance with agreed upon risk mitigations

2. Operational Management
Responsible for production and improvement of scheduled and periodic metrics and reporting to provide operational and oversight visibility to cross-department stakeholders:
- Measure the effectiveness and efficiency of the Information Risk Management program
- Support the Annual Enterprise Risk Assessment (HITECH Act, MGL93H, ACST)

Key Competencies:

Adaptability & Growth
- Actively seeks information and instructs others to understand changes
- Adapts leadership work style to fit environment
- Capable of leading others to follow through on cross-functional tasks.

Analyzing Needs & Proposing Solutions
- Owns problems and solutions.
- Empowers teams to make decisions and own solutions to problems instead of constant escalation.
- Draws upon diverse sources for ideas and inspiration in creative problem-solving activities

Fostering Teamwork & Collaboration
- Seeks and develops suggestions from others, drives partnering relationships
- Uses appropriate influencing techniques to gain genuine agreement.
- Persists by using different approaches

Building Trust
- Understands and represents multiple perspectives so that others understand positions and policies
- Champions the perspectives of different partners even in the face of resistance
- Serves as a role model for others.

Communicating Effectively
- Creates plans for communicating information to business partners
- Employs diverse media to summarize and convey results depending on the audience
- Recognized as business unit expert in external communication, serves as a role model for others.

Acting with Urgency
- Regularly takes actions that go beyond requirements to achieve objectives
- Provides leadership and direction for project execution
- Provides expertise to identify potential problems and executes adjustments to project timelines, tasks and resources allocation as required.

Background and Experience:
- BA or BS degree in Systems, IT, Business Management, or related degree preferred; or equivalent experience
- Minimum 4+ years of Analyst or Project Management experience in the Information Security domain
- CISSP strongly preferred
- Experience achieving compliance with HIPAA and other state and federal privacy regulations preferred
