Indian Land, South Carolina
Information Security Risk Analyst II - IT Risk
Job Summary
Join Novant Health’s Information Technology team as an Information Security Risk Analyst on the IT Governance, Risk, and Compliance (IT GRC) team, where you’ll play a critical role in safeguarding our information systems and supporting our mission to deliver remarkable care.

Schedule: 8:00AM – 5:00PM (On call support required, as needed).
Location: Remote
Department: ETS – Information Security

Key Responsibilities
As an Information Security Risk Analyst, you will:
Monitor and assess IT & security risks across information systems throughout their lifecycle.
Controls testing: Perform ongoing assessment of IT controls to ensure they are operating effectively and efficiently. This includes testing and evaluating controls to provide assurance that they meet established standards.
Identify and document sensitive data stored, transmitted, or processed within systems.
Enforce security principles such as least privilege and least functionality.
Provide actionable insights to senior leadership to support risk-informed decision-making.
Develop and maintain risk management procedures, including:
  Evaluating the significance of identified risks.
  Defining acceptable mitigation strategies and risk tolerance.
  Establishing ongoing risk monitoring practices.
  Ensuring effective oversight of the risk management strategy.

Strategic Impact
You’ll ensure that all risk management activities align with Novant Health’s mission, business objectives, and overall risk strategy. Your work will directly influence how we protect our operations, assets, and individuals.

Ideal Candidate
Strong understanding of cybersecurity principles, vendor risk, and risk management frameworks.
Experience with information system lifecycle management and vendor lifecycle management.
Ability to communicate complex risk scenarios to technical and non-technical stakeholders.
Proactive, detail-oriented, and committed to continuous improvement.

Responsibilities
It is the responsibility of every Novant Health team member to deliver the most remarkable patient experience in every dimension, every time. Our team members are part of an environment that fosters teamwork, team member engagement and community involvement. The successful team member has a commitment to leveraging diversity and inclusion in support of quality care. All Novant Health team members are responsible for fostering a safe patient environment driven by the principles of "First Do No Harm".

Qualifications
Education: 4 Year / Bachelor's Degree, required.
Experience: Minimum three years Information Security Risk Analysis, Information Security, required.
Licensure/Certification: (CRISC) and (CompTIA Security+ or CompTIA Healthcare IT Tech) or equivalent. (Two cert req), required.

Additional Skills (required):
Intermediate knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
Intermediate knowledge of national laws, regulations, policies, and ethics as they relate to cybersecurity.
Intermediate knowledge of cybersecurity principles.
Intermediate knowledge of cyber threats and vulnerabilities.
Basic knowledge of cyber defense mitigation techniques and vulnerability assessment tools, including open source tools, and their capabilities.
Intermediate knowledge of known vulnerabilities from alerts, advisories, errata, and bulletins.
Intermediate knowledge of information assurance (IA) principles and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
Intermediate knowledge of current industry methods for evaluating, implementing, and disseminating information technology (IT) security assessment, monitoring, detection, and remediation tools and procedures, utilizing standards-based concepts and capabilities.
Intermediate knowledge of new and emerging Information Technology (IT) and cyber security technologies.
Intermediate knowledge of the organization’s enterprise information technology (IT) goals and objectives.
Intermediate knowledge of the organization's core business/mission processes.
Intermediate knowledge of Personally Identifiable Information (PII) and Payment Card Industry (PCI) data security standards.
Intermediate knowledge of applicable laws (e.g., Electronic Communications Privacy Act, Foreign Intelligence Surveillance Act, Protect America Act, search and seizure laws, civil liberties and privacy laws), U.S. Statutes (e.g., Titles 10, 18, 32, 50 in U.S. Code), Presidential Directives, executive branch guidelines, and/or administrative/criminal legal guidelines and procedures relevant to work performed.
Basic knowledge of information technology (IT) supply chain security and risk management policies, requirements, and procedures.
Intermediate skill in evaluating the trustworthiness of the supplier and/or product.
Intermediate knowledge of relevant laws, policies, procedures, or governance related to work impacting critical infrastructure.
Intermediate knowledge of information classification programs and procedures for information loss.
Interpersonal communication skill, both written and oral, with the ability to communicate effectively to technical and non-technical audiences.
Attention to detail and organization skills.
Analysis and critical thinking skills.
Ability to develop productive working relationships with business and technical groups.
Ability to effectively prioritize multiple responsibilities.
Ability to take direction as well as work with a moderate degree of independence.
Ability to work as a member of a team.
Ability to eagerly seize responsibility and ownership for assigned tasks.
Ability to drive/travel to multiple locations/facilities as needed.

Additional Skills (preferred):
Basic knowledge of information security architecture principles.
Basic knowledge of incident response methodologies.
Basic knowledge of security tools (IDS, FIM, Vulnerability Scanner, SIEM, Forensics, Network Mapping, Penetration Testing, Encryption, etc.).
Basic knowledge of penetration testing methods (i.e., black-box, white-box).
Basic knowledge of systems testing and evaluation methods (i.e., unit testing, integration testing, regression testing).

Job Opening ID 108210