Senior Security Risk Analyst - Vendor Compliance!

Company Name:
The Bowdoin Group
A large, prestigious healthcare organization is looking for a Senior Security Risk Analyst to join their team for an exciting 8-month contract opportunity!
Must haves:
- 5+ years of security experience
- Risk management experience
- Some sort of PM experience (Don't need to have had a PM title. Since there are a large number of companies they deal with and a defined deadline, he needs someone comfortable driving the project and able to juggle many things at the same time.)
- Interpersonal skills are extremely important with this role. Need to be able to follow up with BX business partners.
Position Summary:
Responsible for developing and documenting system security requirements and ensuring compliance validation. Utilizes knowledge of applicable state and federal security and privacy regulations and security best practices to champion approaches across the business and IT delivery teams. Exhibits strong interpersonal relationships with CLP procurement teams, Audit and Compliance team, architecture team, business partners, project managers, the IT delivery teams and Quality Assurance team. Participates in cross-functional teams to develop security policies, standards and procedures, and assists in communicating these to the IT Division.
Key Accountabilities:
1. Implementation
Responsible for the execution of and process improvements to the enterprise 3rd Party Services risk management program including, but not limited to:
Ensuring compliance with Third Party Services Policy and Standard
Performing Risk Analysis to assess the security risk of vendor partners
Evaluating the security attestations, credentials, certifications and evidence presented by vendors
Communicating vendor security risk effectively to all stakeholders including IT and business senior leadership
Assisting stakeholders with plans to mitigate risk including negotiating appropriate contractual terms with vendors
Ensuring and facilitating risk decisions by appropriate leadership levels within the organization
Monitoring compliance with agreed upon risk mitigations
2. Operational Management

Responsible for production and improvement of scheduled and periodic metrics and reporting to provide operational and oversight visibility to cross-department stakeholders:

Measure the effectiveness and efficiency of the Information Risk Management program
Support the Annual Enterprise Risk Assessment (HITECH Act, MGL93H, ACST)
Key Competencies:
Adaptability & Growth
Actively seeks information and instructs others to understand changes
Adapts leadership work style to fit environment
Capable of leading others to follow through on cross-functional tasks.
Analyzing Needs & Proposing Solutions
Owns problems and solutions. Empowers teams to make decisions and own solutions to problems instead of constant escalation.
Draws upon diverse sources for ideas and inspiration in creative problem-solving activities
Fostering Teamwork & Collaboration
Seeks and develops suggestions from others, drives partnering relationships
Uses appropriate influencing techniques to gain genuine agreement.
Persists by using different approaches
Building Trust
Understands and represents multiple perspectives so that others understand positions and policies
Champions the perspectives of different partners even in the face of resistance
Serves as a role model for others.
Communicating Effectively
Creates plans for communicating information to business partners
Employs diverse media to summarize and convey results depending on the audience
Recognized as business unit expert in external communication, serves as a role model for others.
Acting with Urgency
Regularly takes actions that go beyond requirements to achieve objectives
Provides leadership and direction for project execution
Provides expertise to identify potential problems and executes adjustments to project timelines, tasks and resources allocation as required.
Background and Experience:
BA or BS degree in Systems, IT, Business Management, or related degree preferred; or equivalent experience
Minimum 4+ years of Analyst or Project Management experience in the Information Security domain
CISSP strongly preferred
Experience achieving compliance with HIPAA and other state and federal privacy regulations preferred
