IS Risk Analyst in Exeter, NH - Exeter Hospital Career Site

IS Risk Analyst

  • Exeter, NH
  • Exeter Hospital
  • Information Services
  • full time
  • Req #: 11472
  • Day Shift - M-F 8am to 4:30pm


Reporting to the Chief Information Security Officer, the Information Security Risk Analyst assists with ensuring the efficacy of the Information Security Program by conducting audits of processes, devices, and systems and information security risk assessments, participating in educational initiatives, reviewing and, as necessary, revising policies and procedures, and preparing reports.


  • High School Diploma or GED
  • HCISPP, CISSP, CISA, CRISC, CCFSP or relevant certifications upon hire
  • 2 to 5 years of directly related experience
  • Understanding of third party risk assessment processes & IT auditing
  • Strong oral and written presentation & communication skills

Major Responsibilities:

  1. Conduct security risk assessments on internal and externally hosted products and services; provide recommendations and coordinate the resolution of vulnerabilities with clinical and administrative leaders and system administrators.
  2. Review and assess audit reports (e.g., SOC 2) and other reports (e.g., system audit logs, penetration tests).
  3. Partner with IT leadership, managers, and team members to ensure security, risk and compliance issues are identified, defined, communicated, and addressed.
  4. Monitor adherence to all applicable regulatory requirements and organizational policies and procedures to ensure that the appropriate control environment is implemented, documented, and maintained.
  5. Audit and measure (technical, administrative, and physical) controls and processes against industry standard frameworks and monitor controls and processes for quality and compliance with applicable requirements.
  6. Assist with facilitation, performance, and documentation of regular audit activities.
  7. Assist in delivering phishing simulations and phishing education to staff.
  8. Assist in enhancing or delivering information security awareness program content.
  9. Maintain project status reports and assist with other project or task related deliverables.
  10. Provide effective mentoring and guidance to other IT personnel and, in support thereof, assist in developing/revising policy, standards and procedures that promote an effective Information Security Program.





