Info Security Risk Analyst

Job Summary

The Info Security Risk Analyst fully applies basic information security principles and concepts to identify, manage, and report information security risk associated with the enterprise IT Infrastructure. This role exhibits technical and operational proficiency in solving problems of moderate complexity, facilitating assessments and analyses of systems to identify potential risks. The Info Security Risk Analyst manages communication and mitigation efforts for identified information security risks and reports progress to track communications, training, and other remediation efforts to ensure completion.

Education & Experience

Required:

• High School Degree or GED
• U.S. Citizen
• Must be able to receive a favorable Interim and adjudicated final Department of Defense (DOD) background investigation
• One year general technical support experience or Associate’s Degree
• Basic Information Security knowledge and understanding
• Proficiency in Microsoft Office
• Demonstrated experience in communicating effectively both orally and in writing with various levels of positions within an organization, from senior to entry level

Preferred:

• Knowledge of HITRUST, HIPAA, NIST 800-53 or 800-171

Key Responsibilities

• Actively participate and complete assigned tasks in security project planning and execution activities.
• Apply foundational information security principles to identify, manage, and report risks associated with enterprise IT infrastructure.
• Support assessments and analyses of systems to pinpoint potential risks.
• Support communication efforts regarding identified risks.
• Support the IS Security Team as requested to meet and maintain VA and NIST security requirements and TriWest contractual obligations.
• Monitor and report on the progress of communication, training, and remediation efforts.
• Assist in recurring auditing and validation reports of all systems maintained.
• Support timely completion of all risk-related initiatives.
• Performs other duties as assigned.
• Facilitate training programs to enhance awareness and understanding of information security risks and mitigation strategies.
• Regular and reliable attendance is required.

Competencies

• Communication / People Skills: Ability to influence or persuade others under positive or negative circumstances; adapt to different styles; listen critically; collaborate.
• Computer Literacy: Ability to function in a multi-system Microsoft environment using Word, Outlook, TriWest Intranet, the Internet, and department software applications.
• Creativity / Innovation: Ability to develop unique and novel solutions to problems; view change as necessary.
• Independent Thinking / Self-Initiative: Critical thinkers with ability to focus on things which matter most to achieving outcomes; commitment to task to produce outcomes without direction and to find necessary resources.
• High Intensity Environment: Ability to function in a fast-paced environment with multiple activities occurring simultaneously while maintaining focus and control of workflow.
• Multi-Tasking / Time Management: Prioritize and manage actions to meet changing deadlines and requirements within a high volume, high stress environment.
• Organizational Skills: Ability to organize people or tasks, adjust to priorities, learn systems, within time constraints and with available resources; detail-oriented.
• Problem Solving / Analysis: Ability to solve problems through systematic analysis of processes with sound judgment; has a realistic understanding of relevant issues.
• Team-Building / Team Player: Influence the actions and opinions of others in a positive direction and build group commitment.

Key skills/competency

• Information Security
• Risk Management
• IT Infrastructure
• Security Assessments
• Compliance (HITRUST, HIPAA, NIST)
• Security Reporting
• Remediation Efforts
• Security Training
• Microsoft Office
• Communication Skills