Information Security Risk Analyst

At Eagle Consulting Partners, we provide cybersecurity, compliance, and IT risk management consulting to a variety of Small and Medium Business clients nationwide. We specialize in HIPAA-regulated organizations, including healthcare providers, local government agencies, and technology service vendors, and provide services in other industries.

We are seeking an intermediate-level information security risk analyst for our healthcare GRC practice.

This individual will conduct HIPAA Security Risk Assessments and provide other security and compliance advisory services to our clients. Candidates must have a foundational understanding of the risk assessment process and computer security fundamentals. We will train you in our particular tools and methods, but we have multiple open projects and need someone who can hit the ground running.

Type: Full-time
Location: Remote, United States only. Proximity to major airport preferred.
Availability during Eastern time zone standard business hours required.

Primary Responsibilities:

  • Conduct HIPAA Security Risk Assessments, including presenting findings and prioritized recommendations to client leadership
  • Provide ongoing risk management and trusted advisor services to clients
  • Perform employee security awareness studies using simulated phishing attacks
  • Manage online employee security awareness training programs for clients
  • Perform technical vulnerability analyses, policy compliance reviews, disaster recovery planning, and other related services
  • Conduct virtual and in-person (when safe) training and presentations
  • Nationwide travel averaging 1-6 days per month was normal prior to COVID-19 – this will likely resume at some point
  • Convey a deep sense of care for clients, partners, prospects, and fellow employees

Minimum Qualifications:

  • 2+ years of experience working with technology governance, internal controls, and compliance activities including computer security risk assessment, IT audit, and industry-standard information security frameworks
  • A foundational cybersecurity certification such as CompTIA Security+ or similar (OR ability to demonstrate equivalent knowledge and expertise through experience)
  • Experience conducting security risk assessments or IT audits using standardized processes such as NIST SP 800-30, ISO 27001, SOC 2, or similar
  • Experience working with cybersecurity controls frameworks and data privacy regulations such as NIST SP 800-53, ISO 27001/2, HIPAA, CIS Controls, NIST CSF, HITRUST, GDPR, CCPA, or similar
  • Excellent written and oral communication skills with an ability to effectively communicate security considerations to technical and non-technical audiences
  • Independent self-starter, able to manage multiple projects simultaneously
  • Detail-oriented and organized, with good analytical and problem-solving abilities
  • Strong aptitude with Microsoft Office

Outstanding Candidates may also have some of the following (not required):

  • Experience working in healthcare or other HIPAA-regulated organizations
  • Experience and/or certification in quantitative risk assessment methodologies such as the Factor Analysis of Information Risk (FAIR)
  • Intermediate cybersecurity certifications such as CISSP, GSEC, CISM, CISA, CCSP, or similar
  • Experience with writing and/or updating privacy and security policies
  • Business consulting experience

To Apply:

Send resume, cover letter, and salary requirements to [email protected]. For questions contact Gary at 216-503-0355.

Eagle Consulting Partners, Inc., prevents and solves problems for healthcare-related organizations so that they can achieve better quality, revenue, and care.  We provide consulting, compliance, technology, and management-related expertise.  We are a small firm that operates on Catholic values, strives for authentic human connection in all interactions, and insists on excellence for all work so that we exceed client expectations.
