Cybersecurity Risk Analyst

Location: Cincinnati OR Remote
Travel Requirements: Less than 10%

Job Summary 

PatientPoint is seeking a highly skilled Cybersecurity Analyst to own our Risk Management and Compliance (GRC) programs. This mission-critical role will involve performing IT risk assessments, managing risk register items, overseeing the lifecycle of risk acceptances and policy exceptions, and supporting third-party/vendor risk management. The ideal candidate will play a pivotal role in enhancing our GRC processes, ensuring adherence to security frameworks, and protecting PatientPoint’s information technology environment.

What You’ll Do

Risk Management:

• Perform IT risk assessments and audits, articulating technical risks in terms of business impact.
• Identify critical risks and issues, develop contingency plans, and escalate unresolved matters to senior management.
• Manage risk register items by assigning ownership, tracking progress, and driving remediation efforts.
• Manage the lifecycle of all risk acceptances and policy exceptions.
• Facilitate planning, execution, and reporting of risk assessments and audits to support compliance with security frameworks (CIS, HIPAA, NIST, ISO).

Compliance and GRC Program Management:

• Assist in the day-to-day management of the IT GRC program, identifying opportunities for improvement in existing processes and controls.
• Build and manage GRC frameworks and processes.
• Develop vendor assessment standards and processes for third-party technology vendors.

Incident Response:

• Participate in cybersecurity incident response activities.
• Assess the impact of incidents and initiate appropriate remediation measures.

Audits and Assessments:

• Conduct internal and external audits and assessments to verify adherence to security controls.
• Participate in compliance-related initiatives for HIPAA, NIST, ISO, and similar standards.
• Generate regular reports on the organization’s risk posture and security status.
• Present findings and recommendations to management and stakeholders.

What We Need

• 3+ years of professional experience in information technology.
• 1+ years in an IT security role with oversight of GRC processes.
• Strong, practical experience working in a HIPAA environment.
• Hands-on experience with the implementation and management of security frameworks such as ISO 27001, NIST, or CSF.
• Experience with Agile Project Management methodologies.
• Proficiency with ticketing systems such as JIRA or ServiceNow.
• Familiarity with conducting Business Impact Assessments.

Desired Qualifications

• Knowledge of GDPR, CCPA, VCDPA, or related privacy laws.
• Security certifications such as CISA, CIA, CISSP, CISM, CEH, or GISP.
• Experience with GRC tools like LogicGate, Lockpath, or OneTrust.

What You'll Need to Succeed

• Strong analytical and problem-solving skills.
• Excellent communication and presentation abilities.
• Proven ability to collaborate effectively across teams and manage multiple priorities.