Senior Information Security Risk Analyst (HITRUST / NIST / HIPAA)

Job Title: Senior Information Security Risk Analyst (HITRUST / NIST / HIPAA)

Location: Remote
Employment Type: Contract
Experience Required: 10+ Years

Position Overview

We are seeking a highly experienced Senior Information Security Risk Analyst to lead enterprise risk assessment, governance, and compliance initiatives aligned with HITRUST, NIST, and HIPAA frameworks .

This engagement focuses on ensuring alignment with NIST SP 800-53 Rev. 5 , conducting risk assessments under NIST SP 800-30 , incorporating the NIST Privacy Framework , and positioning the organization for future HITRUST CSF certification .

The ideal candidate will have deep expertise in cybersecurity governance, risk management, and regulatory compliance within highly regulated environments (e.g., healthcare or BFSI).

Key Responsibilities

Risk Assessment & Governance

• Build and maintain a comprehensive enterprise risk register , including treatment plans (mitigation, transfer, acceptance, avoidance).

• Conduct formal risk assessments aligned with NIST SP 800-30 .

• Identify and evaluate risks related to data protection, vendor risk, and regulatory compliance.

Framework Alignment & Compliance

• Ensure full alignment with NIST SP 800-53 Rev. 5 control families, including:

  • RA - Risk Assessment

  • AC - Access Control

  • SC - System & Communications Protection

  • IR - Incident Response

  • Additional relevant control domains

• Map risks and mitigation efforts to HITRUST CSF control domains to support future certification readiness.

• Incorporate requirements from the NIST Privacy Framework into governance processes.

• Support and validate HIPAA compliance initiatives.

Documentation & Executive Reporting

• Develop detailed security documentation, dashboards, and executive-level summaries.

• Provide risk posture updates and remediation tracking reports to leadership.

• Maintain audit-ready documentation for regulatory and certification efforts.

Stakeholder & Governance Collaboration

• Collaborate with internal stakeholders across Security, IT, Compliance, and Business units.

• Validate findings, support remediation planning, and strengthen governance controls.

• Provide guidance on vendor risk assessments and third-party risk management.

Required Skills & Qualifications

• 10+ years of experience in Information Security Risk Management / GRC .

• Strong hands-on experience with:

  • HITRUST CSF (including certification readiness and risk mapping)

  • HIPAA compliance requirements

  • NIST SP 800-30 (Risk Assessment)

  • NIST SP 800-53 Rev. 5

  • NIST Privacy Framework

• Experience building and managing enterprise-level risk registers.

• Strong knowledge of cybersecurity governance and vendor risk assessment processes.

• Experience developing executive dashboards and reporting artifacts.

• Excellent communication and stakeholder management skills.

Preferred Experience

• Experience in healthcare or BFSI regulated environments.

• Prior experience supporting HITRUST certification initiatives .

• Familiarity with risk tooling and GRC platforms.

Technical & Functional Skills

Cybersecurity GRC | HITRUST CSF | HIPAA | NIST SP 800-30 | NIST SP 800-53 Rev. 5 | NIST Privacy Framework | Risk Register Management | Vendor Risk Assessment | Security Governance

Key Competencies

• Strong analytical and risk evaluation skills

• Executive-level reporting and communication

• Ability to drive compliance initiatives independently

• Strong governance and regulatory alignment expertise